Scopes are created and managed at the Authorization Server level. They can be associated with either the Client or the Application Secret. When the token endpoint is called, the Authorization Server checks whether the Client or Application Secret has the Scopes associated with it. Any Scopes that are not associated with the Client or Application Secret are not included in the Access Token's scp claim.
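The scope check described above, sketched as an added example (not code from this project). The `Principal` type, the function names, treating the Client's and the Application Secret's Scopes as a union, and emitting scp as a list are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Principal:
    """Hypothetical stand-in for a Client or an Application Secret."""
    name: str
    scopes: frozenset = frozenset()  # Scopes associated at the Authorization Server


def granted_scp(requested: str, client: Principal,
                secret: Optional[Principal] = None) -> List[str]:
    """Return the requested scopes that are associated with the Client or
    the Application Secret, in request order and without duplicates.
    `requested` is the space-delimited `scope` parameter of the token request."""
    allowed = set(client.scopes)
    if secret is not None:
        allowed |= secret.scopes  # assumption: either association is sufficient
    granted, seen = [], set()
    for scope in requested.split():
        # Unassociated scopes are dropped silently; they never reach the token.
        if scope in allowed and scope not in seen:
            granted.append(scope)
            seen.add(scope)
    return granted


def access_token_claims(requested: str, client: Principal,
                        secret: Optional[Principal] = None) -> dict:
    """Build the claim set; scp carries only the scopes that passed the check."""
    return {"sub": client.name, "scp": granted_scp(requested, client, secret)}


# Constructed sample data, not taken from the ticket.
CLIENT = Principal("billing-service", frozenset({"orders:read"}))
SECRET = Principal("billing-secret-1", frozenset({"orders:write"}))

if __name__ == "__main__":
    print(access_token_claims("orders:read orders:write admin", CLIENT, SECRET))
```

Because the filter is an allow-list built from stored associations, a caller cannot widen its own token by asking for more in the request.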
Acceptance Criteria
Scopes have a persistence model and repository
Scopes have an HTTP model
Scopes have a Service that converts between the persistence layer and the HTTP layer
The Scopes documentation has been updated to include the information in the description of this ticket.