mezzio / mezzio-authentication-oauth2

OAuth2 (server) authentication middleware for Mezzio and PSR-7 applications.
https://docs.mezzio.dev/mezzio-authentication-oauth2/
BSD 3-Clause "New" or "Revised" License

Scopes table makes little sense. #4

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

As scopes are not really attached to anything, this table doesn't make much sense. It doesn't look like I can attach scopes to users or clients, so all we have is a table of valid scope names which doesn't do a whole lot for us.

I suggest we either do away with scopes, or allow scopes to be added to clients/users.


Originally posted by @wshafer at https://github.com/zendframework/zend-expressive-authentication-oauth2/issues/27

weierophinney commented 4 years ago

I certainly don't think we should do away with scopes; they are an integral part, and I think they should be linked to both clients and users when implemented properly.

For example, a scope of read-user-profile could be requested by a client, which would then be stored by the client along with the refresh token and user id. The user profile could then be requested by that particular client via the refresh token at any time.

A really good example of scope implementation can be found here, which is done by CCP Games, whereby third-party clients can request access to certain in-game character info once the user has logged in and granted them the required scopes.


Originally posted by @sheridans at https://github.com/zendframework/zend-expressive-authentication-oauth2/issues/27#issuecomment-402323527

sheridans commented 4 years ago

It was me that mentioned the CCP link to you, as a long-time EVE player, and have done many projects for EVE Online utilising their OAuth API, and the way they utilise scopes is amazing.

I based our helpdesk/ticket system on the same principles whereby third-party apps can get access to a user's open tickets, notifications and user profile info using scopes, which works really well.
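The linkage discussed in this thread (scopes attached to clients and to per-user grants), sketched as an added example that is not code from the project or from any commenter. The `oauth_client_scopes` and `oauth_user_scopes` tables, the `grantableScopes()` function and all sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the two join tables are assumptions, not tables
// shipped by the project. All rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec(<<<'SQL'
CREATE TABLE oauth_scopes (id TEXT PRIMARY KEY);
CREATE TABLE oauth_client_scopes (client_id TEXT, scope_id TEXT REFERENCES oauth_scopes(id),
    PRIMARY KEY (client_id, scope_id));
CREATE TABLE oauth_user_scopes (user_id TEXT, client_id TEXT, scope_id TEXT,
    PRIMARY KEY (user_id, client_id, scope_id));
INSERT INTO oauth_scopes VALUES ('read-user-profile'), ('read-tickets'), ('admin');
INSERT INTO oauth_client_scopes VALUES
    ('helpdesk-app', 'read-user-profile'), ('helpdesk-app', 'read-tickets');
INSERT INTO oauth_user_scopes VALUES ('alice', 'helpdesk-app', 'read-user-profile');
SQL);

// Keep only the requested scopes this client is registered for and, when a
// user is involved, that this user has granted to this particular client.
function grantableScopes(PDO $pdo, array $requested, string $clientId, ?string $userId): array
{
    if ($requested === []) {
        return [];
    }
    $in  = implode(',', array_fill(0, count($requested), '?'));
    $sql = "SELECT cs.scope_id FROM oauth_client_scopes cs
            WHERE cs.client_id = ? AND cs.scope_id IN ($in)";
    $params = array_merge([$clientId], array_values($requested));
    if ($userId !== null) {
        $sql .= ' AND EXISTS (SELECT 1 FROM oauth_user_scopes us
                  WHERE us.user_id = ? AND us.client_id = cs.client_id
                  AND us.scope_id = cs.scope_id)';
        $params[] = $userId;
    }
    $stmt = $pdo->prepare($sql . ' ORDER BY cs.scope_id');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Client-only request: 'admin' is a valid scope name but not linked to this client.
echo json_encode(grantableScopes($pdo, ['read-user-profile', 'admin'], 'helpdesk-app', null)), "\n";
// User-bound request: 'read-tickets' is allowed for the client but alice never granted it.
echo json_encode(grantableScopes($pdo, ['read-user-profile', 'read-tickets'], 'helpdesk-app', 'alice')), "\n";
```

This sketch silently narrows the request to what is linked; a server could equally reject a request that names a scope outside the client's set.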