Skip to main content

OAuth2 Scopes — Quick Reference

Guidance for choosing and using OAuth2 scopes when integrating ValkyrAI and ValorIDE.

Best practices

Use least-privilege scopes (only ask for what you need)
Keep sensitive scopes server-only; avoid exposing admin-level scopes to clients
Provide user-friendly scope descriptions during consent

Examples

read:profile — read user profile
write:apps — create/update applications
launch:extension — allow launching ValorIDE with limited session

Implementation notes

Validate scopes on every API endpoint with a scope-to-permission mapping
Rotate tokens and keep refresh flows server-side

See also: Authentication System Guide

Best practices
Examples
Implementation notes