🔑JWT & Auth

OAuth2 Scopes Pattern

Naming conventions for permissions and access levels.

Explanation

Scopes are the named permissions an OAuth2 client asks for during authorization. The user consents to them, the authorization server records the granted set in the access token (typically a space-delimited "scope" claim, per RFC 6749 §3.3), and the resource server checks that set on every request. This lets a user grant a client limited access to their data without sharing their password, and limits what a stolen or misused token can do.

Examples

Standard OpenID Connect scopes (identity):
openid profile email

API scopes in resource:action form (data access):
read:users write:orders

Code Examples

Scope Patterns
read:profile   # View basic info
write:profile  # Edit profile
admin:full     # Full system access
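The following is an added example, not code from the original page: a small Python module that applies the conventions above on both sides of the protocol. The authorization-server side only grants scopes that are registered and follow the resource:action pattern (so "*" and "all" are refused), and the resource-server side checks that a token carries every scope an endpoint requires. The registered scope list and the "scp" array fallback are assumptions for illustration (some issuers emit an array in "scp" instead of a space-delimited "scope" string).

```python
import re
from typing import Iterable

# Scopes this API is willing to grant. Constructed for the example; a real
# service would load these from its own scope registry.
REGISTERED_SCOPES = {
    "openid", "profile", "email",          # OpenID Connect standard scopes
    "read:profile", "write:profile",       # resource:action API scopes
    "read:users", "write:orders",
    "admin:full",                          # broad; grant sparingly
}

# resource:action, lowercase, no whitespace and no wildcard characters.
# RFC 6749 §3.3 makes scope strings space-delimited, so a scope name can
# never legitimately contain a space.
SCOPE_PATTERN = re.compile(r"^[a-z][a-z0-9_-]*(:[a-z][a-z0-9_-]*)?$")


def scope_is_grantable(name: str) -> bool:
    """True only for a well-formed, registered scope name."""
    return bool(SCOPE_PATTERN.match(name)) and name in REGISTERED_SCOPES


def validate_requested_scopes(requested: str) -> set[str]:
    """Authorization-server side: parse the client's space-delimited scope
    request and refuse unknown, malformed or wildcard names outright instead
    of silently granting them."""
    granted: set[str] = set()
    for name in requested.split():
        if not scope_is_grantable(name):
            raise ValueError(f"scope not grantable: {name!r}")
        granted.add(name)
    return granted


def parse_scope_claim(claim) -> set[str]:
    """Normalise a token's scope claim to a set.

    Accepts the RFC 6749 space-delimited string form and the JSON-array form
    some issuers use (assumed here as the "scp" claim); rejects anything else.
    """
    if claim is None:
        return set()
    if isinstance(claim, str):
        return set(claim.split())
    if isinstance(claim, (list, tuple)):
        if not all(isinstance(s, str) for s in claim):
            raise ValueError("scope array must contain only strings")
        return set(claim)
    raise ValueError(f"unsupported scope claim type: {type(claim).__name__}")


def has_required_scopes(token_claims: dict, required: Iterable[str]) -> bool:
    """Resource-server side: allow the request only if every scope the
    endpoint requires is present in the (already signature-verified) token.

    Scopes bound what the *client* was delegated; the user's own
    authorization (can this user see this record?) is a separate check.
    """
    claim = token_claims.get("scope", token_claims.get("scp"))
    return set(required) <= parse_scope_claim(claim)


if __name__ == "__main__":
    print(validate_requested_scopes("openid profile read:users"))
    print(scope_is_grantable("*"), scope_is_grantable("all"))
    token = {"sub": "alice", "scope": "read:users"}          # constructed token claims
    print(has_required_scopes(token, ["read:users"]))         # client may read users
    print(has_required_scopes(token, ["write:orders"]))       # but not write orders
```

Run the scope check after the JWT signature and expiry have been verified; a scope claim in an unverified token is attacker-controlled input.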

💡 Tips

  • Use a "resource:action" naming convention (read:users, write:orders) so a reviewer can tell from the name what a scope permits
  • Only request the minimum scopes needed (Least Privilege); a token with fewer scopes does less damage if it leaks
  • Enforce scopes on the resource server: check the token's scope claim on every request after verifying the signature, and reject unknown scope names at the authorization server rather than granting them
  • Explain to users exactly what each scope allows on the consent screen

⚠️ Common Pitfalls

  • Broad scopes like "all", "*" or a single "admin" scope are a security risk: one leaked token then grants everything
  • Scopes limit what the client was delegated, not what the user is allowed to do; a token with read:users still needs the resource server to check that this user may read those records
  • Scope values are space-delimited (RFC 6749 §3.3), so a scope name must never contain a space, and scope names are case-sensitive; pick one casing and stick to it