PingFederate provides the flexibility to manage scopes and scope groups in two buckets, common versus exclusive.

Common scopes and scope groups are optional. If defined, they are available to all clients. As needed, you can restrict individual clients to a subset of common scopes or scope groups on a client-by-client basis in their client configurations.

Exclusive scopes and scope groups are also optional. If defined, they are restricted from all clients by default. However, you can grant individual clients access to one or more exclusive scopes or scope groups in their client configurations.

Furthermore, you have the option to create static scopes, static scope groups, and dynamic scopes. Scope groups allow clients to request a super scope and optionally downgrade to a subset of it at a later time. Dynamic scopes address the business requirement where clients want to request authorization by using scope values with a variable component that changes from one request to another. For detailed information about scopes, see Scopes and scope management.
You manage scopes, scope groups, and the default scope description using the configuration wizard. Configuration steps for common and exclusive scopes (and scope groups) are identical, with the exception of the configuration screens, which are Common Scopes and Exclusive Scopes.

A scope (or a scope group) is either a common scope (or a common scope group) or an exclusive scope (or an exclusive scope group). Duplicate scopes and scope groups are not allowed.
For scopes that are intended for the majority of clients, create them as common scopes. For scopes that should be limited to the minority of clients, create them as exclusive scopes. As needed, you may organize common (or exclusive) static scopes into common (or exclusive) scope groups.
Scopes and scope groups represent access to resources or APIs on the resource server (RS). For clients supporting the OpenID Connect protocol, you may direct the developers to your PingFederate's OpenID Provider configuration endpoint to retrieve a list of common scopes and common scope groups.
By default, the OpenID Provider configuration endpoint does not return exclusive static scopes, exclusive scope groups, common dynamic scopes, or exclusive dynamic scopes. As needed, you can customize the response to include such individual scopes and scope groups.
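The following Python model is an added example, not PingFederate code or configuration. It works through the common versus exclusive rules and the default discovery behavior described above, which is useful when reviewing which clients can reach which scopes. The class and function names, the sample scopes and clients, and the use of `*` to mark the variable component of a dynamic scope are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class ScopeConfig:
    common: set        # common static scopes and scope-group names
    exclusive: set     # exclusive static scopes and scope-group names
    common_dynamic: set = field(default_factory=set)   # patterns such as "acct:*"
    exclusive_dynamic: set = field(default_factory=set)

    def __post_init__(self):
        # A name is either common or exclusive; duplicates are rejected.
        buckets = (self.common, self.exclusive, self.common_dynamic, self.exclusive_dynamic)
        if sum(map(len, buckets)) != len(set().union(*buckets)):
            raise ValueError("duplicate scope or scope group")

    def discovery_scopes(self):
        return sorted(self.common)   # default discovery: common static scopes and groups only

@dataclass
class Client:
    common_subset: Optional[set] = None   # None means "all common scopes"
    exclusive_grants: set = field(default_factory=set)

def covering(names, patterns, scope):
    """Return the static name or dynamic pattern that covers `scope`, else None."""
    if scope in names:
        return scope
    # Assumption: "*" stands for a non-empty variable component.
    return next((p for p in patterns
                 if re.fullmatch(re.escape(p).replace(r"\*", ".+"), scope)), None)

def evaluate(cfg, client, requested):
    """Split requested scopes into (granted, rejected) for one client."""
    granted, rejected = [], []
    for s in requested:
        c = covering(cfg.common, cfg.common_dynamic, s)
        e = covering(cfg.exclusive, cfg.exclusive_dynamic, s)
        if c is not None:   # common: allowed unless the client is narrowed to a subset
            ok = client.common_subset is None or c in client.common_subset
        else:               # exclusive: denied unless explicitly granted to the client
            ok = e is not None and e in client.exclusive_grants
        (granted if ok else rejected).append(s)
    return granted, rejected
# Constructed sample configuration and clients.
CFG = ScopeConfig(common={"openid", "profile", "orders.read"}, exclusive={"admin"},
                  common_dynamic={"acct:*"}, exclusive_dynamic={"payment:*"})
WEB = Client(common_subset={"openid", "profile"})
BACKOFFICE = Client(exclusive_grants={"admin", "payment:*"})
```

A client with no settings at all (`Client()`) receives every common scope and no exclusive scope, which is the default posture the text describes.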