Olympus Docs
ReferenceScopes

openid

Required to receive an ID token. Without it, the OAuth2 flow returns only an access token (no OIDC features).

OAuth2 scope: openid

Source: OIDC spec

Description

Required to receive an ID token. Without it, the OAuth2 flow returns only an access token (no OIDC features).

Requesting this scope

In the authorization URL:

GET /oauth2/auth?
  &scope=openid
  ...

Multiple scopes are space-separated.

Granting access

A client only receives this scope if it's on the client's allowed scope list. Configure in Athena → OAuth2 Clients → your client → Allowed Scopes.

Checking in your backend

The access token's scope claim contains the granted scopes:

const granted = info.scope?.split(" ") ?? [];
if (!granted.includes("openid")) return 403;

OAuth2 scopes

Standard OIDC scopes and Olympus-specific conventions

profile

Profile-related claims: `name`, `given_name`, `family_name`, `preferred_username`, `locale`. Olympus also surfaces identity traits here.

On this page

OAuth2 scope: openidDescriptionRequesting this scopeGranting accessChecking in your backendRelated