OAuth Scopes

A mechanism in OAuth 2.0 that limits what an access token is permitted to do by attaching a set of named permissions to it. Clients declare the scopes they require during the authorization request; the authorization server may grant all, some, or none of the requested scopes after the user consents. The issued token is then restricted to performing only actions covered by the granted scopes, enabling fine-grained access control without separate tokens per resource.