oauth2.dev

scope

IESG

Registry Context

The `scope` JWT claim carries the scopes associated with a token as a space-separated string.

Technical Summary

RFC 8693 defines `scope` as a JSON string containing a space-separated list of scopes associated with the token, using the format described in RFC 6749 Section 3.3.

When Used

When scopes associated with a token are represented in a JWT Claims Set.

Validation Guidance

error

Verify that the claim value is a JSON string, not an array, object, number, boolean, or null.

error

Verify that the value conforms to `scope = scope-token *( SP scope-token )`, with no empty tokens or leading, trailing, or repeated spaces.

error

Treat scope strings as case-sensitive.

error

Verify that each scope token conforms to `scope-token = 1*( %x21 / %x23-5B / %x5D-7E )`.

Reference

Details

Entry Id
scope
Claim Name
scope
Claim Description
Scope Values
Change Controller
IESG
Reference
RFC8693 - Section 4.2