
Identity Provider Scopes

  • Environment Variable: IDP_SCOPES
  • Config File Key: idp_scopes
  • Kubernetes: see identityProvider.scopes
  • Type: list of string
  • Default: openid, profile, email, offline_access (typically)
  • Optional for built-in identity providers.

Identity provider scopes correspond to access privilege scopes as defined in Section 3.3 of RFC 6749 (OAuth 2.0). The scopes associated with access tokens determine which resources are available when those tokens are used to access OAuth 2.0 protected endpoints.


If you are using a built-in provider, you probably don't want to set customized scopes.


Some providers, like Amazon Cognito, do not support the offline_access scope.
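
The following is an added example, not part of the original documentation or the project's code. It validates a scope list against the RFC 6749 Section 3.3 token grammar and reports which requested scopes a provider left out of its token response, as happens when offline_access is unsupported. The function names are hypothetical, and the comma-separated input format is an assumption based on the default shown above.

```python
import re

# scope-token grammar from RFC 6749 Section 3.3:
#   scope-token = 1*( %x21 / %x23-5B / %x5D-7E )
# i.e. printable ASCII without space, double quote or backslash.
SCOPE_TOKEN = re.compile(r"[\x21\x23-\x5B\x5D-\x7E]+")


def parse_scope_list(raw):
    """Parse a comma-separated scope setting (assumed format) into an
    ordered, de-duplicated list, rejecting tokens the RFC does not allow."""
    scopes = []
    for item in raw.split(","):
        token = item.strip()
        if not token:
            continue  # tolerate trailing or doubled commas
        if not SCOPE_TOKEN.fullmatch(token):
            raise ValueError(f"invalid scope token: {token!r}")
        if token not in scopes:
            scopes.append(token)
    return scopes


def scope_parameter(scopes):
    """Build the 'scope' request parameter: space-delimited, case-sensitive."""
    return " ".join(scopes)


def dropped_scopes(requested, token_response):
    """Return the requested scopes that the provider did not grant.

    Per RFC 6749 Section 5.1 the response may omit 'scope' when the grant
    is identical to the request, so a missing field means nothing was dropped.
    """
    granted_raw = token_response.get("scope")
    if granted_raw is None:
        return []
    granted = set(granted_raw.split())
    return [s for s in requested if s not in granted]


if __name__ == "__main__":
    requested = parse_scope_list("openid,profile, email, offline_access")
    # Constructed token response from a provider that ignores offline_access.
    response = {"access_token": "example", "scope": "openid profile email"}
    print("requested:", scope_parameter(requested))
    print("not granted:", dropped_scopes(requested, response))
```

A dropped offline_access usually means no refresh token is issued, so sessions cannot be refreshed in the background and users must re-authenticate when the access token expires.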