Connections to external resources must use open standards protocols. Resources have scopes, and applications can request an access token that is associated with specific scopes when the token is granted. The endpoint enforces access through the encoded representation of the scopes in the access token. The endpoint decodes the token to determine the permissions allowed for the application.

Scopes define the permissions for the application, and are defined by the resource server.