Incremental Auth

Hey All,

Is it possible to add scopes based on which features a user chooses to access?

For example, no scopes on login, but if a user chooses to access a marketing feature of the application then they are prompted to grant access to a related set of scopes. Then if they access a second feature that has different scopes they can authorize those scopes.

Or do you need to request all scopes up front?



This can be done, it's mainly happening on your end. Basically you have two choices:
Request the individual scopes and store multiple refresh tokens, or with every additional scope you can request all the ones you already have plus the additional one (it will be visible like that also on the SSO webpage, something like already granted and new scopes).
I would make sure to use SSOv2 as the webtoken contains the information about scopes without the need to hit any verification endpoint.



@Snitch_Ashor is 100% correct

Here is how it works in detail:

  • Include all scopes in your Eve app on
  • Let the user make his choice, then only include the scopes related to the user’s choice in the scope parameter of your generated SSO URL

Btw, this works for every OAuth 2.0 service. You can always just request a subset of the scopes in your SSO URL that you have defined for the SSO app, e.g. I do the same with my Slack apps.
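An added example, not code from anyone in this thread: a sketch of the "request what you already have plus the new scope" approach, reading the granted scopes from the claims of an SSO v2 token whose signature has already been verified. The feature map, client ID, redirect URI and sample claims are constructed; the authorize URL and the `scp` claim shape (absent, a string, or a list) are assumptions to confirm against the SSO documentation.

```python
import secrets
from urllib.parse import urlencode

# Assumed SSO v2 authorize endpoint; confirm against the SSO documentation.
AUTHORIZE_URL = "https://login.eveonline.com/v2/oauth/authorize"

# Hypothetical feature-to-scope map. Every scope listed here must also be
# enabled on the registered application, or the request is rejected.
FEATURE_SCOPES = {
    "mail": {"esi-mail.read_mail.v1"},
    "wallet": {"esi-wallet.read_character_wallet.v1"},
}

def granted_scopes(claims):
    """Scopes held by a token, given its already-verified claims.
    Assumption: the claim is 'scp' and may be absent, a string, or a list."""
    scp = claims.get("scp", [])
    return {scp} if isinstance(scp, str) else set(scp)

def missing_scopes(feature, claims):
    """Scopes the feature needs that the current token does not carry."""
    return FEATURE_SCOPES[feature] - granted_scopes(claims)

def authorize_url(feature, claims, client_id, redirect_uri):
    """Return (url, state) asking for granted + new scopes,
    or (None, None) when the token already covers the feature."""
    if not missing_scopes(feature, claims):
        return None, None
    scopes = sorted(granted_scopes(claims) | FEATURE_SCOPES[feature])
    # Unguessable state: keep it in the session and compare on the callback.
    state = secrets.token_urlsafe(16)
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": " ".join(scopes),  # space-delimited per OAuth 2.0
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state

# Constructed sample: claims of a token that carries a single scope.
SAMPLE_CLAIMS = {"sub": "CHARACTER:EVE:123", "scp": "esi-mail.read_mail.v1"}
```

Only trust `scp` after validating the token's signature, issuer and expiry; gating features on unverified claims lets a client assert scopes it was never granted.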

What does this look like in the user's approved applications page?

Is my app going to show up multiple times because there are multiple refresh tokens or is it all just under one app?

It will show up multiple times. Once for each token. The users can revoke each token separately.
