Skip to content

Latest commit

 

History

History
52 lines (38 loc) · 2.63 KB

oauth.md

File metadata and controls

52 lines (38 loc) · 2.63 KB

OAuth

Credentials

Client IDs SHOULD include a namespace. For example, nypl_holds_service where nypl_ is the namespace.

Client IDs SHOULD use snake-case.

Client IDs SHOULD be limited to 16 alphabetical characters.

Client secrets MUST NOT be shared across applications and MUST NOT be committed to source control or exposed publicly (see security).

Scopes

Scopes are used to specify access on NYPL platform services.

Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user or application already has.

Clients SHOULD always request the most specific scopes when requesting a token.

Common Scopes

These scopes are common to all services:

  • openid: required by OpenID Connect specification
  • offline_access: issues a refresh token (when applicable)
  • login:staff: use the NYPL Active Directory for authentication on authorization_code requests

Service-specific Scopes

Scope Description
admin Administrative/global access
read:bib Read bibs
write:bib Write bibs
read:checkin_request Read check-ins requests
write:checkin_request Write check-in requests
read:checkout_request Read check-out requests
write:checkout_request Write check-out requests
read:doc Read and generate new documentation
read:hold_request Read hold requests
write:hold_request Write hold requests
read:item Read items
write:item Write items
read:patron Read patron information
write:patron Write patron information
read:recall_request Read recall requests
write:recall_request Write recall requests
read:refile_request Read refile requests
write:refile_request Write refile requests
read:staff_picks Read staff picks and staff pick lists
write:staff_picks Write staff picks and staff pick lists