Olympus Docs
ReferenceScopes

groups

Custom claim with array of group memberships. Used by ArgoCD, Grafana, etc. for role mapping.

OAuth2 scope: groups

Source: Olympus convention

Description

Custom claim with array of group memberships. Used by ArgoCD, Grafana, etc. for role mapping.

Requesting this scope

In the authorization URL:

GET /oauth2/auth?
  &scope=groups
  ...

Multiple scopes are space-separated.

Granting access

A client only receives this scope if it's on the client's allowed scope list. Configure in Athena → OAuth2 Clients → your client → Allowed Scopes.

Checking in your backend

The access token's scope claim contains the granted scopes:

const granted = info.scope?.split(" ") ?? [];
if (!granted.includes("groups")) return 403;

phone

`phone_number`, `phone_number_verified`. Add to schema if you collect phone.

role

Custom single-string role claim. `admin`, `user`, etc.

On this page

OAuth2 scope: groupsDescriptionRequesting this scopeGranting accessChecking in your backendRelated