OAuth Scopes

The permissions a client requests from the Dataporten platform are represented by a set of scopes configured at the client level.

Authentication and userinfo

| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Dataporten User ID | userid | e14b8b85-adb2-4b49-bce3-320ddfe6c90f | |
| Feide identifier | userid-feide | ["feide:ola@ntnu.no"] | |
| Name and profile photo | profile | Ola Normann + 128x128px jpeg photo if available | |
| Email | email | ola.normann@ntnu.no | |
| National Identity Number | userid-nin | ["nin:01067012345"] | Hidden |
| OpenID Access | openid | | Tech |
| Long term access | longterm | | Tech |

Dataporten User ID (userid)

This is a UUID-style user identifier representing the end user.

This identifier is exposed on the userinfo API endpoint, but also as part of the OpenID Connect ID token.

Groups

| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Groups | groups | See API docs | |
| Groups member identifiers | groups-memberids | | Hidden |
| Orgadmin groups | groups-orgadmin | | Hidden Internal |
| People search | peoplesearch | | Hidden |

Extended userinfo

These scopes represent access to look up the user's attributes from the institution's directory (LDAP).

This is added for backward compatibility with Feide service providers that operate based upon these user attributes.

| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Phone number | phone | 01067012345 | Hidden |
| Address | address | | Hidden |
| Entitlements | userinfo-entitlement | ... | Hidden |
| Extra info | userinfo-extra | | Hidden |

Internal scopes

| Scope | Identifier | Description | Properties |
|---|---|---|---|
| Org administrators | orgadmin | Administration API for system admins from an institution. May manage mandatory applications and more. | Hidden Internal |
| Ad hoc group admin | adhocgroupadmin | API to manage and set up ad hoc groups. | Hidden Internal |
| Authorization info | authzinfo | API that lists a user's authorizations and allows withdrawing them. | Hidden Internal |