Token Scopes
The offline_access scope is particularly important for extended token validity. When included, it allows token exchanges to remain valid for an extended period (up to ~6-24 months) without requiring users to log in again. This is particularly useful for long-running applications or background services.
Default Token Behavior
Clients can obtain tokens without specifying any scopes, but these tokens will have a shorter lifespan. For longer-lasting tokens, including the offline_access scope in the request is necessary.
Experimental Scopes
The exports
and core_data
are currently experimental scopes and strict validation is not enforced on them at this time.
Core Functionality
Scopes like email
and profile
are considered core functionality and are enabled by default for all clients - explicit inclusion in scope requests is not required.
Requesting Scope
Multiple scopes can be requested by using space-delimited values in the scope parameter. To request specific scopes, include them in the authorization request: 'scope=offline_access core_data exports'
Updated 26 days ago