Scopes
Last updated
Scope is a mechanism in OAuth 2.0 to limit an application's access to a user's account. An application can request one or more permissions and the access token issued to the application will be limited to the permissions granted.
When a client is set up, it is given a list of roles. Each role has a list of permissions tied to it, and the client is limited to the permissions it has been set up to use.
When you send a user to our SSO, or when you authenticate server to server, you pass a `scope` parameter. That scope should contain a space-delimited list of permissions your client is set up to use, and only the permissions you will actually need that token for. Be aware that if you request a permission you are not allowed to have, we will silently ignore it and still issue tokens.
To use our SSO you must request the `openid` scope, but you can ask for other scopes as well. Please note that the value must be URL-encoded.
Each API endpoint has a specific permission required to access it, which is documented on that endpoint's documentation page. If you need to access an API, make sure you request that permission as part of the `scope` parameter.
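The following is an added example, not code from this documentation or its service: it builds the `scope` value as described above (space-delimited, URL-encoded, `openid` added for the SSO flow) and, because disallowed permissions are dropped without an error, compares what the token actually grants against what was requested. The permission names, the `CLIENT_PERMISSIONS` set and a token response carrying a `scope` field are constructed assumptions for this example.

```python
"""Added example: build and check an OAuth 2.0 scope parameter."""
from urllib.parse import quote, urlencode

# Constructed sample: the permissions this client was set up with
# (hypothetical names, not from the documentation).
CLIENT_PERMISSIONS = {"openid", "profile.read", "orders.read"}


def build_scope(needed, *, for_sso, allowed=CLIENT_PERMISSIONS):
    """Return the raw space-delimited scope value.

    Only permissions the client is set up to use are included, because the
    server silently drops anything else. The SSO flow requires `openid`, so
    it is added when missing. Unknown names raise locally rather than being
    sent and vanishing without a trace.
    """
    needed = set(needed)
    if for_sso:
        needed.add("openid")
    unknown = needed - allowed
    if unknown:
        raise ValueError(f"client is not set up for: {sorted(unknown)}")
    return " ".join(sorted(needed))


def authorize_query(scope, client_id, redirect_uri, state):
    """URL-encode the scope with the other authorization parameters.

    quote_via=quote encodes the separating spaces as %20.
    """
    params = {"response_type": "code", "client_id": client_id,
              "redirect_uri": redirect_uri, "scope": scope, "state": state}
    return urlencode(params, quote_via=quote)


def missing_permissions(requested_scope, token_response):
    """Return requested permissions absent from the granted scope.

    token_response is the parsed JSON from the token endpoint; its `scope`
    field (assumed here) lists what was actually granted. Check this before
    calling an API that needs the permission, since no error is raised.
    """
    granted = set(token_response.get("scope", "").split())
    return sorted(set(requested_scope.split()) - granted)
```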