Supported Scopes
This document lists the OAuth 2.0 scopes which are supported in the current IAM server.
Scopes
Basic Information
Scope ID | Description |
---|---|
openid | Gets basic information including id, name, and email. |
Offline Access
The Offline Access scope lets an application request data without the
user being present. IAM issues a refresh_token only to client
applications that have the offline_access scope.
Scope ID | Description |
---|---|
offline_access | Requesting data on behalf of the user when the user is not present and in front of your application. |
Freebusy Time Access
The Freebusy Time Access scope enables access to the DAS freebusy APIs:
- GET /api/freebusy/busytime
- Other DAS Freebusy APIs for room
Scope ID | Description |
---|---|
das.freebusy | Collects busy time information for a given user. |
Shared Calendar Read Access
This scope enables access to the DAS calendar read APIs. Beware that this scope also authorizes read access to delegated Calendar data.
- GET /{folder}/{database}/api/calendar/events
- GET /{folder}/{database}/api/calendar/events/{uid}
- GET /{folder}/{database}/api/calendar/events/{uid}/instances
- GET /{folder}/{database}/api/calendar/events/{uid}/{recurrenceId}
- GET /{folder}/{database}/api/calendar/invitations
- GET /{folder}/{database}/api/calendar/events/{uid}/notices
- GET /{folder}/{folder}/{database}/api/calendar/notices/{id}
Scope ID | Description |
---|---|
das.calendar.read.with.shared | Allows users to read any calendars they have access to. |
Exclusive Calendar Read Access
This scope allows the owner of a calendar to read it.
- GET /{folder}/{database}/api/calendar/events
- GET /{folder}/{database}/api/calendar/events/{uid}
- GET /{folder}/{database}/api/calendar/events/{uid}/instances
- GET /{folder}/{database}/api/calendar/events/{uid}/{recurrenceId}
- GET /{folder}/{database}/api/calendar/invitations
- GET /{folder}/{database}/api/calendar/events/{uid}/notices
- GET /{folder}/{folder}/{database}/api/calendar/notices/{id}
Scope ID | Description |
---|---|
das.calendar.read.owner.only | Grants read access to the calendar owned by the associated user. |
Shared Calendar Write Access
This scope enables access to the DAS calendar write APIs. Beware that this scope also authorizes write access to delegated Calendar data.
- All DAS Calendar APIs other than the ones described in Calendar Read Access.
Scope ID | Description |
---|---|
das.calendar.write.with.shared | Allows users to update any calendars they have edit access to. |
Exclusive Calendar Write Access
This scope allows the owner of a calendar to modify it.
- All DAS Calendar APIs other than the ones described in Exclusive Calendar Read Access.
Scope ID | Description |
---|---|
das.calendar.write.owner.only | Grants create, update and delete capability on calendar data owned by the associated user. |
Domino Database Access
This scope enables access to Proton through the domino-db module. Beware that encryption- and decryption-related operations (e.g. reading an encrypted document) are not allowed, and the application can only perform operations in databases it has access to on behalf of the user.
Scope ID | Description |
---|---|
domino.proton.db.access | Perform operations on Notes applications on your behalf. |
Use scopes
When you register a client application, you set the scopes that define the resources the application wants to access. It is recommended to only register the scopes needed by the application.
When you develop a client application, you must pass an array of scope IDs
when creating the authorization context. The scope array determines which scopes are
displayed on the user consent page. A scope that is not registered is ignored.
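The following added example (not part of the original documentation or of any IAM client library) derives the smallest scope set to register from the DAS calls an application makes, and reports requested scopes that IAM would ignore because they are not registered. Scope IDs and endpoint patterns come from the tables above; the function names, the `delegated` flag and the sample paths are assumptions, and each call is mapped to exactly one scope because the page does not say whether write scopes also cover read endpoints.

```javascript
// Added example. Scope IDs and endpoint patterns come from the tables above;
// function names and the `delegated` flag are illustrative assumptions.

// GET endpoints the page lists under the two calendar read scopes.
const CALENDAR_READ =
  /\/api\/calendar\/(events(\/[^/]+){0,2}|invitations|notices\/[^/]+)$/;

// Map one DAS call to the narrowest scope the page documents for it.
// `delegated` is true when the calendar belongs to another user.
function requiredScope({ method, path, delegated = false }) {
  const p = path.split('?')[0]; // ignore the query string when matching
  const suffix = delegated ? 'with.shared' : 'owner.only';
  if (p.includes('/api/freebusy/')) return 'das.freebusy';
  if (p.includes('/api/calendar/')) {
    const isRead = method.toUpperCase() === 'GET' && CALENDAR_READ.test(p);
    return `das.calendar.${isRead ? 'read' : 'write'}.${suffix}`;
  }
  return null; // not an endpoint covered by this page
}

// Smallest scope set to register for the calls an application makes.
function scopesToRegister(calls) {
  const scopes = calls.map((c) => requiredScope(c)).filter(Boolean);
  return [...new Set(scopes)].sort();
}

// Unregistered scopes are ignored by IAM, so report them instead of
// letting the request shrink silently.
function effectiveScopes(requested, registered) {
  const allowed = new Set(registered);
  return {
    granted: requested.filter((s) => allowed.has(s)),
    ignored: requested.filter((s) => !allowed.has(s)),
  };
}

// Constructed sample: calls made by a hypothetical room-booking app.
const sampleCalls = [
  { method: 'GET', path: '/api/freebusy/busytime' },
  { method: 'GET', path: '/mail/jdoe.nsf/api/calendar/events' },
  { method: 'POST', path: '/mail/jdoe.nsf/api/calendar/events' },
];
const registered = scopesToRegister(sampleCalls);
console.log(registered);
console.log(effectiveScopes(['openid', ...registered], registered));
```

Running the same mapping in a build check keeps the registered scope list from growing beyond what the application's calls require.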
Reference
For usage of these APIs, please refer to the latest Domino Access Services documentation.
Now your application needs neither to record the user's password for basic authentication nor to be deployed on Domino to share session authentication. Deploy your application anywhere and enjoy OAuth.