Scopes
Clients use scope values to specify what access privileges are being requested for Access Tokens. The scopes associated with Access Tokens determine what resources will be available when they are used to access OAuth 2.0 protected endpoints. For OpenID Connect, scopes can be used to request that specific sets of information be made available as Claim Values. For an understanding of how scopes are used, see Scope Values.
In addition to the OpenID Connect standard scopes of openid, profile, email, offline_access, address, and phone, PRIVO provides additional scopes to request that specific sets of information be made available as Claim Values.
| Scope | Definition |
|---|---|
| PRIVOLOCK | Used for API access. |
| TRUST | Verifies entity is a trusted partner. |
| user_profile | Provides attributes and display names of the User. |
| additional_info | Provides permissions, role information, site token, shadow account and verification tier for the User. |
| trust_email | Trusted partnership to allow email to be flagged as "verified". Requires use case and contract approval. |
| delete_account | Removes accounts entirely from the system. Requires use case and contract approval. |
| shadow | Creates shadow account User |
| consent_url | Displays consent URL associated to the given request. Requires use case and contract approval. |