Allow Users to Grant Specific Scopes to an Application

Overview

This article discusses whether a user can grant only some of the API scopes that an application requests during the authorization process. For example, the user grants only “calendar:read” when an application requests both the “calendar:read” and “email:read” scopes.

Applies To

  • APIs
  • The “Allow Skipping User Consent” option turned off
  • Authorization screen

Solution

The “Grant Management for User Consents” feature, which would directly enable users to grant specific scopes, is planned for a future release. Until then, a workaround is to use Actions. For a similar approach that can be adapted to work with client_ids, refer to “Add user roles to ID and Access tokens”.
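
One way such an Action could look, as an added example that is not code from this article or from Auth0: a post-login Action that removes requested API scopes a given client_id is not allowed to receive. The policy table, the `EXAMPLE_CLIENT_ID` placeholder and the `scopesToRemove` helper are assumptions for illustration, and the sketch enforces a per-application limit set by the tenant rather than a choice made by the user on the consent screen.

```javascript
// Added example: per-client scope limiting in a post-login Action.
// ALLOWED_SCOPES_BY_CLIENT and EXAMPLE_CLIENT_ID are constructed placeholders.
const ALLOWED_SCOPES_BY_CLIENT = new Map([
  ['EXAMPLE_CLIENT_ID', new Set(['calendar:read'])],
]);

// Standard OIDC scopes are not API permissions; this sketch leaves them alone (assumption).
const OIDC_SCOPES = new Set(['openid', 'profile', 'email', 'offline_access']);

// Hypothetical helper: returns the requested scopes the client must not receive.
function scopesToRemove(clientId, requestedScopes, policy = ALLOWED_SCOPES_BY_CLIENT) {
  const allowed = policy.get(clientId);
  // Clients without an entry are left unchanged: the policy targets specific
  // client_ids only. Return every API scope here instead to deny by default.
  if (!allowed) return [];
  return requestedScopes.filter(
    (scope) => !OIDC_SCOPES.has(scope) && !allowed.has(scope)
  );
}

// Post-login Action entry point. It strips disallowed scopes from the access
// token before it is issued, so the API never sees them for this client.
const onExecutePostLogin = async (event, api) => {
  const requested = (event.transaction && event.transaction.requested_scopes) || [];
  for (const scope of scopesToRemove(event.client.client_id, requested)) {
    api.accessToken.removeScope(scope);
  }
};

// Actions load the handler from exports; the guard keeps the file loadable elsewhere.
if (typeof exports !== 'undefined') {
  exports.onExecutePostLogin = onExecutePostLogin;
}
```

The API should still check the scopes present in each access token it receives, since the Action only controls what is issued.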