scope
Registry Context
In OAuth 2.0 Dynamic Client Registration, `scope` is the registered scope string for a client. RFC 7591 treats client metadata fields as optional unless stated otherwise, and if `scope` is omitted the authorization server may assign a default scope set.
Technical Summary
RFC 7591 defines `scope` as a space-separated string of scope values the client can use when requesting access tokens. The field is optional unless another statement overrides that default, and an authorization server may register a client with a default set of scopes when `scope` is omitted.
When Used
When dynamically registering a client and specifying or deriving the client's allowed access-token scopes.
Normative Requirements
Authorization servers
RFC 7591 - Section 2
Register a client with a default set of scopes when `scope` is omitted.
Condition: If `scope` is omitted.
If omitted, an authorization server MAY register a client with a default set of scopes.
Implementations
RFC 7591 - Section 2
Implement and use the `scope` client metadata field as optional.
Condition: Unless stated otherwise.
The implementation and use of all client metadata fields is OPTIONAL, unless stated otherwise.
Validation Guidance
Allow `scope` to be absent in client metadata.
If `scope` is absent, accept server-defined default scopes rather than treating omission as invalid.
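One way a registration endpoint could apply this guidance, as an added example (not code from RFC 7591 or from any particular authorization server). The names `DEFAULT_SCOPES`, `ALLOWED_SCOPES` and `resolve_registered_scope` are hypothetical, the token syntax check follows the scope grammar in RFC 6749 Section 3.3, and rejecting scopes outside an allowlist is an assumed deployment policy.

```python
import re

# RFC 6749 Section 3.3: scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
_SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")

# Assumption: deployment-specific values, not defined by RFC 7591.
DEFAULT_SCOPES = ("profile",)
ALLOWED_SCOPES = frozenset({"profile", "email", "orders:read"})


class InvalidClientMetadata(ValueError):
    """Would be reported with the RFC 7591 error code invalid_client_metadata."""


def resolve_registered_scope(metadata: dict) -> str:
    """Return the scope string to store for a newly registered client."""
    # Omission is valid: the server registers its default scope set.
    if "scope" not in metadata:
        return " ".join(DEFAULT_SCOPES)

    raw = metadata["scope"]
    # Assumption: a non-string value (null, list, number) is rejected,
    # not silently treated as "omitted".
    if not isinstance(raw, str):
        raise InvalidClientMetadata("scope must be a space-separated string")

    registered = []
    # Split on a single space only, so empty tokens (doubled, leading or
    # trailing spaces, or an empty string) fail the grammar check below.
    for token in raw.split(" "):
        if not _SCOPE_TOKEN.fullmatch(token):
            raise InvalidClientMetadata(f"malformed scope token: {token!r}")
        # Assumed policy: never register a scope the deployment does not offer.
        if token not in ALLOWED_SCOPES:
            raise InvalidClientMetadata(f"scope not permitted: {token!r}")
        if token not in registered:  # drop duplicates, keep request order
            registered.append(token)
    return " ".join(registered)


if __name__ == "__main__":
    # Constructed registration requests.
    print(resolve_registered_scope({"client_name": "demo"}))
    print(resolve_registered_scope({"scope": "email profile email"}))
```

The value returned is what the server would echo back in the registration response, so the client learns which scopes were actually registered.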
Reference
Details
- Entry Id: scope
- Client Metadata Name: scope
- Client Metadata Description: Space-separated list of OAuth 2.0 scope values
- Change Controller: IESG
- Reference: RFC7591