Specifies the scopes to request when obtaining an OAuth token from the OIDC token endpoint.

Data Type

string

Default Value

""

Remarks

Scopes are set to define what kind of access the authenticating user will have; for example, read, read and write, restricted access to sensitive information. System administrators can use scopes to selectively enable access by functionality or security clearance.

When InitiateOAuth is set to GETANDREFRESH, you must use this property if you want to change which scopes are requested.

When InitiateOAuth is set to either REFRESH or OFF, you can change which scopes are requested using either this property or the Scope input.

When set to a value, this property is included in the OAuth authorization request sent to your identity provider. Scopes determine the level of access granted in the issued token.

The default server-side Apache Kafka OAuth validator does not require scopes, but your identity provider may enforce them. Set this property to whatever scope string your provider requires for client credential OIDC authentication.