OAuth2 scopes vs Roles

Scopes are typically used when an external application wants to gain access to the user’s data via an exposed API. They determine what the client application can do.
Role (or group) based access is typically used within an application to determine what a user can do.

https://stackoverflow.com/a/60943090/1515209
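
The distinction above, as an added example that is not from the linked answer: a resource-server check that allows a request only when the client's token carries the required scope and the user holds a permitted role. The scope names, role names, users and the `authorize` helper are all hypothetical, and token validation (signature, expiry, audience) is assumed to have happened already.

```python
from dataclasses import dataclass
from typing import Tuple

# Hypothetical policy: each operation needs a scope delegated to the client
# AND a role held by the user inside the application.
REQUIREMENTS = {
    "read_report":   {"scope": "reports:read",  "roles": {"viewer", "editor", "admin"}},
    "edit_report":   {"scope": "reports:write", "roles": {"editor", "admin"}},
    "delete_report": {"scope": "reports:write", "roles": {"admin"}},
}

# Application-side role assignments (constructed sample data).
USER_ROLES = {"alice": {"admin"}, "bob": {"viewer"}}


@dataclass(frozen=True)
class AccessToken:
    """Claims of an access token that has already been validated."""
    sub: str        # the user the client is acting for
    client_id: str  # the external application
    scope: str      # space-delimited scope list (RFC 6749, section 3.3)


def authorize(token: AccessToken, operation: str) -> Tuple[bool, str]:
    """Return (allowed, reason); unknown operations are denied by default."""
    rule = REQUIREMENTS.get(operation)
    if rule is None:
        return False, "unknown operation"

    # Scope check: what was this client allowed to do on the user's behalf?
    if rule["scope"] not in set(token.scope.split()):
        return False, "client lacks scope " + rule["scope"]

    # Role check: what is this user allowed to do within the application?
    if not (USER_ROLES.get(token.sub, set()) & rule["roles"]):
        return False, "user lacks required role"

    return True, "ok"


if __name__ == "__main__":
    # An admin behind a read-only client is still refused a delete.
    print(authorize(AccessToken("alice", "dashboard", "reports:read"), "delete_report"))
    # A fully scoped client cannot lift a viewer above their role.
    print(authorize(AccessToken("bob", "dashboard", "reports:read reports:write"), "delete_report"))
```

Neither check substitutes for the other: a broad scope does not raise the user's privileges, and a privileged user does not widen what the client was granted.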

See also:

https://www.linkedin.com/pulse/oauth-roles-scopes-pablo-cibraro/?articleId=6675773770986336256
