International Business Machines Corporation
LIMITING SCOPES IN TOKEN-BASED AUTHORIZATION SYSTEMS
Last updated:
Abstract:
Access token scope limiting is provided. An access token of a client containing a list of scopes is presented to an authorization application programming interface of the computer. Each scope in the list of scopes defines a permission to access a particular protected resource hosted by a resource server. A new access token is returned to the client containing a decreased number of scopes using a scope alias in response to the authorization application programming interface requesting a decrease in a number of scopes in the list of scopes. The scope alias represents a plurality of specific scopes from the list of scopes contained in the presented access token.
Status:
Application
Type:
Utility
Filing date:
20 Jan 2021
Issue date:
21 Jul 2022