OAuth Scopes
OAuth scopes let you specify exactly how your app needs to access data. As an app developer, you specify your desired scopes in the initial OAuth authorization request. In some cases, when a user is responding to your OAuth request, the requested scopes will be displayed to them when they are asked to approve your request.
When creating a service that obtains an access token through the client credentials flow, the scopes associated with the client are granted automatically, since no user is present to approve them.
Data access limitations
The data your client can access is limited by several parameters:
- The client roles
- The authenticated user
- The client scopes
How are scopes defined
InfoFlora uses scopes that name the resource they grant access to, followed by the class of actions on that resource they allow (e.g. file:write). Additionally, some scopes carry an optional modifier that narrows the scope to a subset of the actions on that resource.
The list of resources includes observation, validation, user, along with many other resources.
`[resource]:[action]:[modifier]`
Existing scopes
Scopes are granted to an OAuth client and allow applications to perform various operations on data.
| Scope | Description |
|---|---|
| community:read | Allows reading information about communities |
| community:write | Allows creating and updating information about communities |
| document:read | Allows reading documents |
| document:write | Allows creating and updating documents |
| florid:read | Allows reading FlorID identifications |
| invitation:read | Allows reading invitation information |
| invitation:write | Allows creating and updating invitation information |
| mission:read | Allows reading mission information |
| mission:write | Allows creating and updating mission information |
| observation:read | Allows reading observation information |
| observation:write | Allows creating and updating observation information |
| observation:write:flags | Allows updating observation flags |
| observation:validate | Allows performing validation actions on observations |
| observation:moderate | Allows moderating validation conflicts on observations |
| person:read | Allows reading people information |
| person:write | Allows creating and updating persons |
| policy:read | Allows reading access policies |
| policy:write | Allows creating and updating access policies |
| project:read | Allows reading project information |
| project:write | Allows creating and updating project information |
| regioflora:write | Allows creating and updating regioflora information |
| releve:read | Allows reading releve information |
| releve:write | Allows creating and updating releve information |
| station:read | Allows reading station information |
| station:write | Allows creating and updating station information |
| statistic:read | Allows reading statistics |
| user:read | Allows reading user information |
| user:read:people | DEPRECATED, use person:read instead. Allows accessing people information |
| user:read:observation-rights | Allows reading user rights on observations |
| user:write | Allows updating user information |
| validation:read | Allows reading validation information |
| validation:read:status | Allows reading validation statuses |
| validation:write | Allows creating and updating validation information |
| validation:write:observations | Allows notifying validation of observation changes |
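As an added example (not InfoFlora's own code), the following Python parses the `[resource]:[action]:[modifier]` grammar described above, checks a token's granted scopes against the one a call needs, and flags the deprecated scope from the table before an authorization request is sent. It assumes, as the page does not state explicitly, that an unmodified scope such as `observation:write` covers its narrowed forms such as `observation:write:flags`, and never the reverse.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Scope grammar from the page: [resource]:[action]:[modifier], modifier optional.
SCOPE_RE = re.compile(r"^([a-z]+):([a-z]+)(?::([a-z-]+))?$")

# The scopes listed on the page; anything else is rejected rather than guessed at.
KNOWN_SCOPES = {
    "community:read", "community:write", "document:read", "document:write", "florid:read",
    "invitation:read", "invitation:write", "mission:read", "mission:write",
    "observation:read", "observation:write", "observation:write:flags", "observation:validate",
    "observation:moderate", "person:read", "person:write", "policy:read", "policy:write",
    "project:read", "project:write", "regioflora:write", "releve:read", "releve:write",
    "station:read", "station:write", "statistic:read", "user:read", "user:read:people",
    "user:read:observation-rights", "user:write", "validation:read", "validation:read:status",
    "validation:write", "validation:write:observations",
}
DEPRECATED = {"user:read:people": "person:read"}  # replacement as stated on the page


@dataclass(frozen=True)
class Scope:
    resource: str
    action: str
    modifier: Optional[str] = None

    def covers(self, required: "Scope") -> bool:
        """True if this granted scope is at least as broad as `required`.
        Assumption: a modifier only narrows the action range, so the unmodified
        scope covers every modified form, but a modified scope covers only itself."""
        if (self.resource, self.action) != (required.resource, required.action):
            return False
        return self.modifier is None or self.modifier == required.modifier


def parse_scope(text: str) -> Scope:
    m = SCOPE_RE.match(text)
    if not m or text not in KNOWN_SCOPES:
        raise ValueError(f"unknown or malformed scope: {text!r}")
    return Scope(*m.groups())


def check_access(granted: str, required: str) -> bool:
    """Does a space-separated granted scope string satisfy one required scope?
    Least privilege: request only the narrowest scope that covers the operation."""
    needed = parse_scope(required)
    return any(parse_scope(s).covers(needed) for s in granted.split())


def deprecation_warnings(requested: str) -> list:
    """Flag deprecated scopes in an authorization request before sending it."""
    return [f"{s} is deprecated, use {DEPRECATED[s]}" for s in requested.split() if s in DEPRECATED]
```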