Scopes are identifiers for users or resources that a client wants to access. This identifier is sent to Unit4 Identity Services (U4IDS) during an authentication or token request.
By default, every client is allowed to request tokens for every scope, but you can restrict this when you configure the scope with U4IDS.
U4IDS supports two types of scopes:
- Identity scopes
- Resource scopes
Requesting identity information (claims) about a user, for example name or email address, is modeled as a scope in OpenID Connect.
There is, for example, a scope called profile that includes first name, last name, preferred username, gender, profile picture and more. See here for details on the standard scopes.
Resource scopes identify web APIs (also called resource servers). For example, you could have a scope named calendar that represents your calendar API. You are free to model your scopes as you wish.
For details on what properties can be set to control the behavior of a scope, see the scope configuration guide.
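The following added example (not taken from the U4IDS documentation) shows both scope types in use: a client sends identity and resource scopes as one space-delimited scope parameter, and the calendar API then checks for its own scope in the token. The endpoint URL, the client values and the layout of the scope claim are assumptions, and the claims are assumed to come from a token whose signature, issuer and expiry have already been validated.

```python
from urllib.parse import urlencode

# Assumed values for illustration; none of them come from the U4IDS documentation.
AUTHORIZE_ENDPOINT = "https://u4ids.example.invalid/authorize"  # placeholder URL
IDENTITY_SCOPES = {"openid", "profile"}  # claims about the user
RESOURCE_SCOPES = {"calendar"}           # web APIs (resource servers)


def build_authorize_url(client_id, redirect_uri, scopes, state, nonce):
    """Build an OpenID Connect authorization request.

    Scopes travel as one space-delimited 'scope' parameter (RFC 6749, section 3.3).
    """
    unknown = set(scopes) - IDENTITY_SCOPES - RESOURCE_SCOPES
    if unknown:
        # Fail early in the client instead of sending scopes nobody defined.
        raise ValueError(f"unknown scopes requested: {sorted(unknown)}")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def granted_scopes(claims):
    """Normalize the scope claim: some servers emit a string, others a list."""
    raw = claims.get("scope", [])
    if isinstance(raw, str):
        return set(raw.split())
    return set(raw)


def api_allows(claims, required_scope):
    """Resource-server check on already validated claims (assumption).

    The API requires its own resource scope; identity scopes alone never suffice.
    """
    return required_scope in granted_scopes(claims)


if __name__ == "__main__":
    # Constructed sample request and token claims.
    print(build_authorize_url("demo-client", "https://app.example.invalid/cb",
                              ["openid", "profile", "calendar"], "s1", "n1"))
    print(api_allows({"scope": "openid profile"}, "calendar"))
```

Because every client may request every scope by default, the check in the API only confirms that the scope was granted; limiting which clients can obtain it is done in the scope configuration.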