8

What is the meaning of
scope = scope-token *( SP scope-token )
scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

in RFC6749 3.3. Access Token Scope?

Community
Boreas320

3 Answers

12

So the way I interpret this is:

scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

seems to be saying that a scope-token can be 1 or more ASCII characters from the defined hex character ranges. So basically x21 (!) to x7E (~) but disallowing x22 (") and x5C (\). See here for a list of characters and their hex codes.

and

scope = scope-token *( SP scope-token )

suggests that scope is a scope-token (as defined above) appended with zero or many SP scope-tokens where SP is a space character.

So a valid scope string would be:

scope = i am 5 scopes !!!!

but these wouldn't be valid scope strings:

scope = "scope1" "scope2" "scope3"
scope = scope1\scope2\scope3
iandayman
4

The expressions are ABNF.

RFC6749 8.1. Defining Access Token Types mentions it.

Community
Boreas320
0

I'm using this regular expression in a JavaScript snippet that tests the error_description value of error responses on an OAuth2 server implementation, as error_description also requires those character constraints as per spec: https://www.rfc-editor.org/rfc/rfc6749#section-5.2

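// ABNF 1*( ... ) means "one or more" (+ in a regex); section 5.2 also allows SP (%x20) in error_description
const regex = /^[\x20-\x21\x23-\x5B\x5D-\x7E]+$/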
Community
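The scope grammar discussed in the answers above, and the error_description character set from section 5.2, written as anchored JavaScript validators. This is an added example, not code from any of the posts; the names parseScope, isValidScope and isValidErrorDescription are assumptions.

```javascript
// Added example: validators derived from the RFC 6749 ABNF (all names are assumptions).
// ABNF "1*( ... )" means "one or more", which is "+" in a regex, not a literal "1*".
const NQCHAR = "\\x21\\x23-\\x5B\\x5D-\\x7E"; // scope-token characters: no SP, '"' or '\'
const SCOPE_TOKEN_RE = new RegExp(`^[${NQCHAR}]+$`);
// scope = scope-token *( SP scope-token ): exactly one SP between tokens, none at the ends.
const SCOPE_RE = new RegExp(`^[${NQCHAR}]+(?: [${NQCHAR}]+)*$`);
// error_description (section 5.2): %x20-21 / %x23-5B / %x5D-7E, i.e. the same set plus SP.
const ERROR_DESCRIPTION_RE = /^[\x20-\x21\x23-\x5B\x5D-\x7E]+$/;

// Split a scope string into its tokens, or throw with the reason it was rejected.
function parseScope(scope) {
  if (typeof scope !== "string" || scope.length === 0) {
    throw new Error("scope must be a non-empty string");
  }
  const tokens = scope.split(" ");
  tokens.forEach((token, i) => {
    if (token.length === 0) {
      // Produced by a leading, trailing or doubled space.
      throw new Error(`empty scope-token at position ${i}`);
    }
    if (!SCOPE_TOKEN_RE.test(token)) {
      const bad = [...token].find((ch) => !SCOPE_TOKEN_RE.test(ch));
      const hex = bad.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
      throw new Error(`illegal character U+${hex} in scope-token at position ${i}`);
    }
  });
  return tokens;
}

// Boolean form for request validation; no "g" flag, so test() keeps no state between calls.
function isValidScope(scope) {
  return typeof scope === "string" && SCOPE_RE.test(scope);
}

function isValidErrorDescription(value) {
  return typeof value === "string" && ERROR_DESCRIPTION_RE.test(value);
}

// Constructed sample inputs, including the strings used in the first answer.
console.log(parseScope("i am 5 scopes !!!!"));
console.log(isValidScope('"scope1" "scope2" "scope3"'));
console.log(isValidScope("scope1\\scope2\\scope3"));
console.log(isValidErrorDescription("Invalid client credentials"));
```

Anchoring with `^` and `$` is what makes these validators rather than searches: an unanchored pattern accepts any input that contains at least one allowed character.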