Scopes define the level of access an application is granted to a user's resources when it authorises through OAuth 2.0.
In OAuth, you specify scopes when requesting authorisation, and the OAuth provider (e.g., Google, GitHub) asks the user:

“Do you allow this app to access X, Y, and Z?”

The user can see what your app is requesting before granting access.

Examples

Let’s say you’re integrating with Google Drive. Different scopes provide different access levels:

Scope                                            Permission granted
https://www.googleapis.com/auth/drive.readonly   Read-only access to Drive files
https://www.googleapis.com/auth/drive.file       Read and write files your app created
https://www.googleapis.com/auth/drive            Full access to all Drive files (dangerous!)

If your app only needs to read files, don’t request drive (full access)—only request drive.readonly.

General Rules

  • Only request access to what you need, nothing more and nothing less. Otherwise, users will be suspicious about why you need access to so many things.
  • Make sure you handle denied permissions gracefully: the user may grant only some of the requested scopes, or none at all.

Checking a User's Scope

You can check a user's granted scopes in the app by decoding the access token. This only works when the token is a self-contained JWT, and its signature must be verified before its claims are trusted; if the provider issues opaque access tokens, ask the provider's token-info or introspection endpoint instead.
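The check described above in Python, as an added example that is not part of the original note: it verifies a constructed HS256-signed token before reading its claims, then reports which required scopes the user did not grant so the app can degrade gracefully instead of failing. The secret, token and claims are constructed for this example; a real provider would typically sign with RS256 and publish its verification key at a JWKS URL.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo secret (assumption: HS256). Real providers usually
# use RS256, and the verification key would come from their JWKS URL.
SECRET = b"constructed-demo-secret"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build an HS256-signed JWT (used only to construct the sample)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def decode_verified(token: str, secret: bytes = SECRET) -> dict:
    """Verify the signature first, then return the claims.
    Claims from an unverified token must never be trusted."""
    header, payload, sig = token.split(".")
    expected = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("invalid token signature")
    return json.loads(_b64url_decode(payload))


def granted_scopes(claims: dict) -> set:
    """OAuth 2.0 carries granted scopes as a space-separated 'scope' string."""
    return set(claims.get("scope", "").split())


def missing_scopes(token: str, required: set, secret: bytes = SECRET) -> set:
    """Return the required scopes the user did not grant (empty set = all granted)."""
    return required - granted_scopes(decode_verified(token, secret))


# Constructed sample: the user consented to read-only Drive access only.
SAMPLE_TOKEN = make_token(
    {"sub": "user-123", "scope": "openid https://www.googleapis.com/auth/drive.readonly"}
)
```

An app that needs write access would call `missing_scopes(SAMPLE_TOKEN, {"https://www.googleapis.com/auth/drive.file"})`, get the missing scope back, and can then explain the limitation or re-request consent rather than crashing on a 403.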