<@U04UQ68083H> how to add allowed scopes to oauth2...
# ory-copilot
m
@chilly-king-10285 how to add allowed scopes to oauth2 client
c
A message from kapa.ai
To add allowed scopes to an OAuth2 client in Ory, you need to specify the scopes when creating or setting the OAuth2 client. The scopes are a space-separated list of values that the client can use when requesting access tokens. Here is an example of creating an OAuth2 client with specific scopes using the Ory CLI:
```bash
ory create oauth2-client \
  --grant-type authorization_code \
  --response-type code \
  --scope openid \
  --token-endpoint-auth-method client_secret_post \
  --redirect-uri https://my-app.com/callback
```
In this example, the `--scope` flag is used to specify the scopes (`openid` in this case). You can include multiple scopes by separating them with a space. Please note that the acceptable scope values are dependent on the resource server. Ory OAuth2 and OpenID Connect have pre-defined OAuth2 scope values such as `offline_access` and `openid`.

Sources:
- [Example OAuth2 clients](https://www.ory.sh/docs/hydra/guides/oauth2-clients#example-oauth2-clients)
- [OAuth2 scopes represent user consent](https://www.ory.sh/docs/oauth2-oidc/overview/oauth2-concepts#oauth2-scopes-represent-user-consent)
- [Hydra API Reference](https://www.ory.sh/docs/hydra/reference/api)
m
@chilly-king-10285 is it possible to do using cli?
c
A message from kapa.ai
Yes, it is possible to add allowed scopes to an OAuth2 client using the Ory CLI. When creating or updating an OAuth2 client, you can use the `--scope` flag to specify the scopes. Here is an example of how to create an OAuth2 client with specific scopes:
```bash
ory create oauth2-client --project "$project_id" \
  --name "Example Corp" \
  --grant-type authorization_code,refresh_token \
  --response-type code \
  --scope openid,offline_access,email \
  --redirect-uri https://your-project-slug.projects.oryapis.com/self-service/methods/oidc/callback/H1o_k--i
```
In this example, the `--scope` flag is used to specify the scopes (`openid`, `offline_access`, and `email`). You can include multiple scopes by separating them with a comma.

Source: [Ory Documentation](https://www.ory.sh/docs/kratos/social-signin/ory)
m
@chilly-king-10285 what flag to use to skip consent step in oauth2 flow?
c
A message from kapa.ai
To skip the consent step in the OAuth2 flow using the Ory CLI, you can use the `--skip-consent` flag when creating or updating an OAuth2 client. Here is an example of how to create an OAuth2 client and skip the consent step:
```bash
ory create oauth2-client \
  --skip-consent \
  # ...
```
Similarly, to skip the logout consent screen, you can use the `--skip-logout-consent` flag:
```bash
ory create oauth2-client \
  --skip-logout-consent \
  # ...
```
Please note that skipping the consent step is generally used for first-party scenarios where you want to automatically grant consent to the client.

Sources:
- [Skip consent and logout consent](https://www.ory.sh/docs/oauth2-oidc/skip-consent)
- [Ory CLI Documentation](https://www.ory.sh/docs/cli/ory-update-oauth2-client#options)