Adding scopes for authorized apps or service accounts

This section applies to the ION Backend Service authorized app and to any authorized app created by the customer that uses an API from the Infor OS API suite.

These authorized apps are exempt from scope checks by default to maintain backward compatibility. However, if the global Scopes setting is set to Enforced, you can opt in and use scopes for additional security. To opt in, follow the process described in "Using a backend service to opt into using scopes".

For webapp, mobile, and desktop clients:

  • The authorized app must have the required scope associated with it in order to request that scope.
  • The scope must be explicitly included in the client app’s authorization request.
  • The user must consent to granting that scope.

For backend clients:

  • The Service Account generated on behalf of the user must have the scopes associated with it.
  • The scope must be explicitly included in the client app’s token request.
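
The two placements described above (scope in the authorization request for interactive clients, scope in the token request for backend clients), plus a check that the token actually carries the scopes asked for, as an added example that is not Infor's code. It follows the standard OAuth 2.0 parameter names from RFC 6749; the endpoint, client ID, scope names and the backend grant fields are hypothetical placeholders.

```python
from urllib.parse import urlencode

def scope_param(scopes):
    """RFC 6749 section 3.3: 'scope' is a space-delimited list of scope names."""
    return " ".join(sorted(set(scopes)))

def authorization_request_url(authorize_endpoint, client_id, redirect_uri, scopes, state):
    """Webapp, mobile and desktop clients: scope is sent in the authorization request."""
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": scope_param(scopes),   # explicit; never rely on a server default
        "state": state,
    })
    return f"{authorize_endpoint}?{query}"

def backend_token_request_body(grant_params, scopes):
    """Backend clients: scope is sent in the token request form body.
    grant_params holds the grant-specific fields (assumption: chosen by the caller)."""
    return urlencode({**grant_params, "scope": scope_param(scopes)})

def missing_scopes(requested, token_response):
    """Return the requested scopes that the token response did not grant.
    RFC 6749 section 5.1: if 'scope' is omitted, it is identical to the request."""
    if "scope" not in token_response:
        return set()
    return set(requested) - set(token_response["scope"].split())

if __name__ == "__main__":
    wanted = ["example.read", "example.write"]          # hypothetical scope names
    print(authorization_request_url(
        "https://idp.example.invalid/authorize",        # placeholder endpoint
        "client-123", "https://app.example.invalid/cb", wanted, "state-abc"))
    print(backend_token_request_body(
        {"grant_type": "password",                      # assumed grant type
         "username": "<service-account-access-key>",    # placeholders
         "password": "<service-account-secret-key>"}, wanted))
    # Constructed token response in which only one scope was granted.
    print(missing_scopes(wanted, {"access_token": "x", "scope": "example.read"}))
```

A non-empty result from `missing_scopes` usually means the scope is not associated with the authorized app or Service Account, or the user did not consent to it.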

For a detailed explanation of OAuth scopes management with examples, see the KB article at https://inforsaas.service-now.com/kb?id=kb_article_view&sysparm_article=KB3537918.