Scope is a parameter defined in the OAuth 2.0 standards that lets a client application specify the scope of an access request. The authorization server can also use the scope parameter in its response to indicate which scopes were actually granted, if they differ from the ones requested.
You can use scopes to:
- Let an application authenticate users and get additional information about them, such as their email or picture.
- Implement granular access control to your API. In this case, you need to define custom scopes (claims) for your API and add these newly created scopes to your scope request parameter.
Sample custom action and its OAuth scopes for Concur:
In the example above, when you build your custom action with an HTTP request, the request is authorized under the Concur connection's OAuth scopes:
Expense reports:add, Expense reports:approve, Expense reports:update, List items:add,
List items:update, List items:delete, Images:add, Images:retrieve report, Images:line item
If you have not successfully authenticated or have not authorized the scopes for your application, an error code and description will be appended to the redirect URI, typically with a 403 error message.
If a scope is not listed on the custom action, you can specify it by appending it to the base URI and path. Your application can request multiple scopes as a space- or comma-separated list.
For example, say you want to have these scopes on your custom action: team:read users:read
You can specify them like this:
https://slack.com/oauth/authorize?client_id=...&scope=team%3Aread+users%3Aread
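The following is an added example, not code from the original page or from any vendor: it builds the scope query parameter with the encoding described here and compares the scopes an authorization server reports as granted with the ones requested, so an over-broad or incomplete grant is caught before the token is used. The function names, the client ID and the sample token responses are constructed for illustration.

```python
import re
from urllib.parse import urlencode


def build_authorize_url(base, client_id, scopes):
    """Append client_id and a single space-separated scope value to the base URI.

    urlencode() percent-encodes ':' as %3A and turns the separating space into '+'.
    """
    query = urlencode({"client_id": client_id, "scope": " ".join(scopes)})
    return f"{base}?{query}"


def parse_scopes(value):
    """Split a scope string that may be space or comma separated."""
    return {s for s in re.split(r"[ ,]+", value.strip()) if s}


def check_grant(requested, token_response):
    """Compare requested scopes with the 'scope' field of a token response.

    RFC 6749 section 5.1 allows the server to omit 'scope' when the grant is
    identical to the request, so a missing field is treated as a full grant.
    """
    wanted = set(requested)
    raw = token_response.get("scope")
    granted = parse_scopes(raw) if raw else wanted
    return {
        "missing": sorted(wanted - granted),  # requested but not granted
        "extra": sorted(granted - wanted),    # granted beyond the request
    }


if __name__ == "__main__":
    requested = ["team:read", "users:read"]
    # Constructed placeholder client ID, not a real credential.
    print(build_authorize_url("https://slack.com/oauth/authorize",
                              "EXAMPLE_CLIENT_ID", requested))
    # Constructed token responses: a partial grant and an over-broad grant.
    print(check_grant(requested, {"scope": "team:read"}))
    print(check_grant(requested, {"scope": "team:read,users:read,files:read"}))
```

A non-empty "extra" list means the token carries more privilege than the action asked for, and a non-empty "missing" list explains authorization errors on calls that need the absent scope.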
For additional information, it's best to check the API documentation of the application to find out the scopes needed for the action you want to use.