Requesting special Scopes

Both Client-Side and Server-Side flow can request special permission to the user.

These permissions will be displayed automatically to the user in the Application Accreditation Display during the OAuth process for allow him understand the resources needed by the application and decide if he wants to grant access or not.

Special permissions are called SCOPE and are required in the first step of each flow, including the scope parameter with the desired values, separated by commas if there are more than one.

The possible values for SCOPE parameter are:

  • offline_access: the access token generated will not expire by expiration time. If your app store it, you must take into account safety considerations. This access token can be invalidated by the user manually in any moment.
  • email: Your app will know the user email requesting the appropriate operations.
  • profile: Your app will know personal details such as gender and date of birth.