SCOPE (for application)

The SCOPE element lets you obtain user identifiers, such as email, phone, address, and so on, when the user is authenticated by the Identity Provider.

Syntax

<SCOPE>names</SCOPE>
  1. names is a space-separated list of user identifier attributes.

Child elements

There are no child elements.

Usage

Use this element to get identifiers for the user accessing your application via an Identity Provider. For example, if you set "email" in the SCOPE element of your application configuration, the GAS sets an environment variable called OIDC_EMAIL, which you can then retrieve with the fgl_getenv("OIDC_EMAIL") instruction in your application.

User attributes, such as "email", "phone", "address", and so on, are specific to the identity provider (IdP). You will need to add the appropriate attributes to work with your IdP. These attributes are documented by your IdP.

For more information on retrieving user identifiers in your application, refer to the Retrieve the user identifier page in the Single Sign-On User Guide.

Usage example in application configuration file

<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xsi:noNamespaceSchemaLocation="https://4js.com/ns/gas/5.00/cfextws.xsd">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <OAUTH>https://accounts.myOAUTHIdp.com</OAUTH>
      <SCOPE>email</SCOPE>
      <CLIENT_PUBLIC_ID>XXXXXXXX.apps.myOAUTHIdpusercontent.com</CLIENT_PUBLIC_ID>
      <CLIENT_SECRET_ID>XXXXXX-XXXXXX</CLIENT_SECRET_ID>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
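
A check that the SCOPE list requests only the attributes the application actually reads, written as an added example (it is not part of the Genero documentation or tooling). The sample configuration is constructed from the usage example above, and the `needed` allowlist is a hypothetical input maintained by the application team.

```python
"""Audit the SCOPE element of a GAS application configuration (added example)."""
import xml.etree.ElementTree as ET

# Constructed sample configuration, modelled on the usage example above.
SAMPLE_CONFIG = """<?xml version="1.0"?>
<APPLICATION Parent="defaultgwc">
  <EXECUTION>
    <PATH>$(res.path.qa)/applications/myapp</PATH>
    <MODULE>App.42r</MODULE>
    <DELEGATE service="services/OpenIDConnectServiceProvider">
      <OAUTH>https://accounts.myOAUTHIdp.com</OAUTH>
      <SCOPE>email  phone
             address</SCOPE>
    </DELEGATE>
  </EXECUTION>
</APPLICATION>
"""


def requested_scopes(config_xml):
    """Return the attribute names listed in each DELEGATE's SCOPE element."""
    root = ET.fromstring(config_xml)
    names = []
    for delegate in root.iter("DELEGATE"):
        for scope in delegate.findall("SCOPE"):
            # The list is space-separated; split() also tolerates tabs,
            # newlines and repeated spaces, and an empty element yields [].
            names.extend((scope.text or "").split())
    return names


def audit_scopes(config_xml, needed):
    """Compare requested attributes with those the application reads.

    `needed` is a hypothetical allowlist of attribute names.
    """
    requested = set(requested_scopes(config_xml))
    needed = set(needed)
    return {
        "unused": sorted(requested - needed),   # requested but never read
        "missing": sorted(needed - requested),  # read but never requested
    }


if __name__ == "__main__":
    # Assumption: the application only calls fgl_getenv("OIDC_EMAIL").
    print(audit_scopes(SAMPLE_CONFIG, needed={"email"}))
```

Attributes reported as `unused` are personal data the IdP releases at authentication without the application using them; removing them from SCOPE reduces what is exposed to the application's environment.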

Parent elements

This element is a child of the DELEGATE element.