Authorization scope
Warhorn governs app access to users’ personal data through the scope mechanism. Each scope is associated with a distinct set of permissions:
| Scope | Permissions |
|---|---|
| openid | Issuance of ID token, access to userinfo endpoint, uid userinfo claim |
| email | email and email_verified userinfo claims |
| profile | name, picture and zoneinfo userinfo claims |
Warhorn does not assume any default scopes. Your app must explicitly ask for the scopes it wants during the authorization request. The Warhorn consent screen will indicate to the user which data the app is asking to access.
In addition to any scopes requested by your app, Warhorn may add other scopes and/or allow the user to deny individually requested scopes. Your app should consult the token response to identify the exact set of scopes granted for the access token.
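One way to reconcile requested and granted scopes before relying on any userinfo claim, as an added example that is not Warhorn's own code. The function names and the sample token response are constructed for illustration, and the code assumes the token response carries `scope` as a space-delimited string as described in RFC 6749.

```python
import json

# Scope -> userinfo claims, taken from the table on this page.
SCOPE_CLAIMS = {
    "openid": {"uid"},
    "email": {"email", "email_verified"},
    "profile": {"name", "picture", "zoneinfo"},
}


def granted_scopes(token_response: dict, requested: set) -> set:
    """Return the scopes actually granted for the access token."""
    raw = token_response.get("scope")
    if raw is None:
        # RFC 6749 section 5.1: an omitted "scope" means the grant
        # is identical to what the client requested.
        return set(requested)
    if not isinstance(raw, str):
        raise ValueError("scope must be a space-delimited string")
    return set(raw.split())


def reconcile(token_response: dict, requested: set) -> dict:
    """Compare the grant with the request and list the claims the app may expect."""
    granted = granted_scopes(token_response, requested)
    claims = set()
    for scope in granted:
        # Scopes not in the table contribute no known claims.
        claims |= SCOPE_CLAIMS.get(scope, set())
    return {
        "granted": granted,
        "denied": requested - granted,   # user declined these
        "added": granted - requested,    # server added these
        "claims": claims,
        "id_token_expected": "openid" in granted,
    }


# Constructed sample: the user denied "email" on the consent screen.
SAMPLE = json.loads(
    '{"access_token": "constructed-token", "token_type": "Bearer",'
    ' "scope": "openid profile"}'
)

if __name__ == "__main__":
    print(reconcile(SAMPLE, {"openid", "email", "profile"}))
```

Gate each feature on the `claims` set rather than on what was requested, so a denied scope leads to a handled missing value instead of an unexpected absent field.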
Reference
oauth.com has a great detailed explanation of how access tokens are used in OAuth.