Supported Scopes
This document lists the OAuth 2.0 scopes which are supported in current IAM server.
Scopes
Basic Information
| Scope ID | Description |
|---|---|
| openid | Gets basic information including id, name and email. |
Offline Access
Offline Access scope enables the capability of request data without the
present of user. IAM only issues refresh_token to client application with offline_access
| Scope ID | Description |
|---|---|
| offline_access | Requesting data on behalf of the user when the user is not present and in front of your application. |
Freebusy Time Access
Freebusy Time Access scope enables the capability of access DAS freebusy APIs:
- GET /api/freebusy/busytime
- Other DAS Freebusy APIs for room
| Scope ID | Description |
|---|---|
| das.freebusy | Collects busy time information for a given user. |
Calendar Read Access
This scope enables the capability of access DAS calendar read APIs. Beware that the read access to the delegated Calendar data will also be authorized with this scope.
- GET /{folder}/{database}/api/calendar/events
- GET /{folder}/{database}/api/calendar/events/{uid}
- GET /{folder}/{database}/api/calendar/events/{uid}/instances
- GET /{folder}/{database}/api/calendar/events/{uid}/{recurrenceId}
- GET /{folder}/{database}/api/calendar/invitations
- GET /{folder}/{database}/api/calendar/events/{uid}/notices
- GET /{folder}/{folder}/{database}/api/calendar/notices/{id}
| Scope ID | Description |
|---|---|
| das.calendar.read.with.shared | Allows users to read any calendars they have access to. |
Calendar Write Access
This scope enables the capability of access DAS calendar write APIs. Beware that the write access to the delegated Calendar data will also be authorized with this scope.
- All DAS Calendar APIs other then the ones described in
Calendar Read Access.
| Scope ID | Description |
|---|---|
| das.calendar.write.with.shared | Allows users to update any calendars they have edit access to. |
Use scopes
When you register a client application, you set the scopes that define the resources the application want to access. It is recommended to only register the scopes needed by application.
When you develop a client application, you must pass the an array of scope ids
when creating authorization context. The scope array determines which scopes will
displayed in user consent page. If the scope is not registered, it will be ignored.
Reference
For usage of these APIs, please refer to the latest Domino Access Services document.
Now your application would neither need to record user's password for basic authentication nor deploy on Domino to share session authentication. Deploy you application anywhere and enjoy OAuth.