Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Question: Can I have scopes without claims?
See original GitHub issueI’m wondering if I can use scopes without claims in the case described here. Or is this considered bad practice?
I want to use scope to give access to my API, but I dont wish to return anything for the specified scope in the /userinfo url. Is this valid? or is it the actual way scopes are intended to be used most of the time?
Issue Analytics
- State:
- Created 5 years ago
- Comments:7 (4 by maintainers)
Top Results From Across the Web
The Scoop on “Scope” (of loss) - United Policyholders
A clear and complete scope of loss helps a property owner get a fair, full and prompt insurance claim settlement and resist “lowballing,”...
Read more >When to use a scope, and when to use a claim #67 - GitHub
TL;DR; yes. Scopes are at the client level, claims are at the resource's (user's) level, to the best of my understanding. The rest,...
Read more >faq-providers-no-surprises-rules-april-2022.pdf - CMS
This document contains information on frequently asked questions from providers and facilities regarding No Surprises rules, independent dispute.
Read more >asp.net mvc - How can I map 'scope' values to Identity Claims?
I've specified an Authorization Policy that requires the scope my_custom_value , e.g. I can see that my auth token has the following scopes:...
Read more >2258-Scope of Ex Parte Reexamination - USPTO
(a) Claims in an ex parte reexamination proceeding will be examined on the basis of patents or printed publications and, with respect to...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
It happens between user logs in and showing OpenID authorization.
Hi @ggjersund
1st question Yes you can! just return empty
{}. Is a valid usage.2nd question That is out of the scope of openid, and can be implemented appart. Fox example when user clicks “accept policy” you store
user, scopes, date, etcthen you can use OIDC_AFTER_USERLOGIN_HOOK to check if the user accept that scopes.Any other question please ask! Thanks.