Manage OAuth scopes

OAuth scopes define the permissions granted to an application on behalf of a user who logs in to Alibaba Cloud. You can add, delete, and set required OAuth scopes for an application.

Add OAuth scopes

  1. Log on to the RAM console as a RAM administrator.

  2. In the left navigation pane, choose Integrations > OAuth (Preview).

  3. On the Enterprise Applications tab, click the target application.

  4. On the OAuth Scope tab, click Add OAuth Scopes.

  5. In the Add OAuth Scopes panel, select the scopes you want to add.

    Note

    The aliuid and profile scopes are associated with ID tokens. Other scopes are associated with access tokens. Supported scopes are listed in OAuth application overview.

  6. Click OK.

Delete OAuth scopes

  1. On the OAuth Scope tab, find the scope you want to delete and click Delete OAuth Scope in the Actions column.

    Note

    The openid scope is a default scope and cannot be deleted.

  2. In the Delete OAuth Scope dialog box, click Delete OAuth Scope.

Set an OAuth scope as required

After you add OAuth scopes, you can set a scope as required or remove its required status. A required scope is selected by default, and users cannot deselect it when they grant permissions to the application.

Set a scope as required

In the list of OAuth scopes, find the target scope and click Set as Required in the Actions column.

Important

Ensure your application requires this authorization. Your application is responsible for protecting user data and must use all granted data and permissions lawfully and compliantly.

Cancel the required status of a scope

In the list of OAuth scopes, find the required scope and click Cancel Required in the Actions column.