Token Scopes

The offline_access scope is particularly important for extended token validity. When included, it allows token exchanges to remain valid for an extended period (up to ~6-24 months) without requiring users to log in again. This is particularly useful for long-running applications or background services.

Default Token Behavior

Clients can obtain tokens without specifying any scopes, but these tokens will have a shorter lifespan. For longer-lasting tokens, including the offline_access scope in the request is necessary.

Experimental Scopes

The exports and core_data are currently experimental scopes and strict validation is not enforced on them at this time.

Core Functionality

Scopes like email and profile are considered core functionality and are enabled by default for all clients - explicit inclusion in scope requests is not required.

Requesting Scope

Multiple scopes can be requested by using space-delimited values in the scope parameter. To request specific scopes, include them in the authorization request: 'scope=offline_access core_data exports'