Is there any way to find out application scopes for which I have via clientId created JWT?

Question

Hi,I am currently working on a use case involving JWT (JSON Web Token) authentication. In this scenario, clients will generate JWTs for my application using a specific client ID of my application. A potential requirement we are considering is for clients to be aware of the permission scopes that have been enabled for my application.Could you please advise if there is a mechanism available for users of my application to access this information regarding the permission scopes associated with the JWTs created via the client ID?Best regards,Aleksandar Misljenovic

PhongVu · Answer

If you want to list all the scopes of your application, you can grab them from the app settings by logging into your RingCentral developers portal and open the app settings page. Or you can generate your own JWT token and try to authenticate your app and check the token object to detect the list of app scopes. Here is a sample of a token object.

{

  access_token: 'xxxx',

  token_type: 'bearer',

  expires_in: 3600,

  refresh_token: 'yyyy',

  refresh_token_expires_in: 604800,

  scope: 'CallControl ReadContacts ReadAccounts EditPresence EditAccounts ReadMessages Faxes ReadPresence RingOut SMS',

  owner_id: '6228832xxxx',

  endpoint_id: 'nINYgVelRAW-'

}

However, some app scope is an umbrella and it might cover more features than what your app actually provides, e.g. with the "CallControl" scope your app can receive telephony session event notifications, it can answer a call, terminate a call or monitor a call programmatically etc.

Therefore, it's your responsibility to list the features (in descriptive words) that your app provides to your users. You can create the list based on the platform APIs your app would call.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded