
Consent Scopes

Console View


Consent Scopes define the specific resources that an application can request access to.

Scope Types

  • OIDC Standard: openid, profile, email, address, phone.
  • API Access: Custom scopes like api:read, orders:write.
  • Resource Scopes: Scopes bound to specific resource servers.

When a user logs in to an application requesting these scopes, they may be presented with a Consent Screen asking for permission (e.g., "App X wants to view your email address").

Admin Configuration

  • Description: The text shown to the user.
  • Default: Whether the scope is granted automatically without prompting (if the app is trusted).
  • Restricted: Scopes that require admin approval to be assigned to an app.
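How the Default and Restricted settings can combine when an app requests scopes, as an added example that is not the product's own code. The `Scope`, `App` and `evaluate` names, the `trusted` and `admin_approved` fields, the sample catalogue, and the choice to deny unknown scopes are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scope:
    name: str
    description: str          # text shown to the user on the consent screen
    default: bool = False     # granted without a prompt, trusted apps only
    restricted: bool = False  # needs admin approval before an app may use it

@dataclass(frozen=True)
class App:                    # hypothetical app record
    name: str
    trusted: bool = False
    admin_approved: frozenset = frozenset()  # restricted scopes an admin assigned

# Constructed sample catalogue using scope names mentioned on this page.
CATALOGUE = {s.name: s for s in (
    Scope("openid", "Sign you in", default=True),
    Scope("email", "View your email address"),
    Scope("api:read", "Read data through the API", default=True),
    Scope("orders:write", "Create and change your orders", restricted=True),
)}

def evaluate(app, requested, catalogue=CATALOGUE):
    """Split a space-delimited scope request into granted / prompt / denied."""
    result = {"granted": [], "prompt": [], "denied": []}
    for name in dict.fromkeys(requested.split()):   # de-duplicate, keep order
        scope = catalogue.get(name)
        if scope is None:
            result["denied"].append(name)           # unknown scope: fail closed
        elif scope.restricted and name not in app.admin_approved:
            result["denied"].append(name)           # never offered to the user
        elif scope.default and app.trusted:
            result["granted"].append(name)          # silent grant, trusted app only
        else:
            result["prompt"].append((name, scope.description))
    return result

if __name__ == "__main__":
    print(evaluate(App("App X"), "openid email orders:write"))
```

The restricted check runs before the default check, so a scope marked both Default and Restricted is never granted silently to an app an admin has not approved for it.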