OAuth Scopes

The permissions a client requests from the Feide platform are represented by a set of scopes configured at the client level.

Authentication and userinfo

| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Dataporten User ID | userid | e14b8b85-adb2-4b49-bce3-320ddfe6c90f | |
| Feide identifier | userid-feide | ["feide:ola@ntnu.no"] | |
| Name and profile photo | profile | Ola Normann + 128x128px jpeg photo if available | |
| Email | email | ola.normann@ntnu.no | |
| National Identity Number | userid-nin | ["nin:01067012345"] | Hidden |
| OpenID Access | openid | | Tech |
| Long term access | longterm | | Tech |

Dataporten User ID (userid)

This is a UUID-style user identifier representing the end user. It is exposed on the userinfo API endpoint and also as part of the OpenID Connect ID token.


| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Groups | groups | See API docs | |
| Groups member identifiers | groups-memberids | | Hidden |
| Orgadmin groups | groups-orgadmin | | Hidden Internal |
| People search | peoplesearch | | Hidden |

Extended userinfo

These scopes represent access to look up the user’s attributes from the institution’s directory (LDAP). They were added for backward compatibility with Feide service providers that operate on these user attributes. They should not be confused with the OpenID Connect userinfo endpoint.

| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Phone number | phone | 01067012345 | Hidden |
| Address | address | | Hidden |
| Entitlements | userinfo-entitlement | ... | Hidden |
| Extra info | userinfo-extra | | Hidden |

Internal scopes

| Scope | Identifier | Example value | Properties |
|---|---|---|---|
| Org administrators | orgadmin | Administration API for system admins from an institution. May manage mandatory applications and more. | Hidden Internal |
| Ad hoc group admin | adhocgroupadmin | API to manage and setup ad hoc groups. | Hidden Internal |
| Authorization info | authzinfo | API to list and withdraw a user's authorizations. | Hidden Internal |