allowedScopesForAuthenticatable method

List<AuthScope> allowedScopesForAuthenticatable (Authenticatable authenticatable)

Returns the list of allowed scopes for a given Authenticatable.

Subclasses override this method to return a list of AuthScopes based on some attribute(s) of an Authenticatable. That Authenticatable is then restricted to only those scopes, even if the authenticating client would allow other scopes or scopes with higher privileges.

By default, this method returns AuthScope.Any: any Authenticatable being authenticated has full access to the scopes available to the authenticating client.

When overriding this method, note that (by default) only the properties declared by Authenticatable are valid for authenticatable. If authenticatable has application-specific properties (like a role), fetchAuthenticatableByUsername must also be overridden to ensure those values are fetched.
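A role-based override that fails closed, added here as an illustration and not taken from the Aqueduct documentation or source. It assumes the class being subclassed is ManagedAuthStorage from package:aqueduct/managed_auth.dart; User, its role column, the scope names and RoleBasedAuthStorage are hypothetical.

```dart
import 'dart:async';

import 'package:aqueduct/aqueduct.dart';
import 'package:aqueduct/managed_auth.dart';

// Hypothetical application user type with an application-specific `role` column.
class User extends ManagedObject<_User>
    implements _User, ManagedAuthResourceOwner {}

class _User extends ManagedAuthenticatable {
  @ManagedColumnAttributes(nullable: true)
  String role;
}

// Hypothetical role-to-scope table. A role that is not listed gets no scopes.
const Map<String, List<String>> scopesByRole = const {
  "admin": const ["admin", "user"],
  "user": const ["user"],
};

class RoleBasedAuthStorage extends ManagedAuthStorage<User> {
  RoleBasedAuthStorage(ManagedContext context) : super(context);

  // `role` is not declared by Authenticatable, so it has to be fetched
  // explicitly. Without this override it reads as null in the method below.
  @override
  Future<User> fetchAuthenticatableByUsername(
      AuthServer server, String username) {
    var query = new Query<User>(context)
      ..where.username = whereEqualTo(username)
      ..returningProperties(
          (u) => [u.id, u.username, u.hashedPassword, u.salt, u.role]);
    return query.fetchOne();
  }

  @override
  List<AuthScope> allowedScopesForAuthenticatable(covariant User user) {
    // Fail closed: a null or unrecognised role maps to an empty list,
    // never to AuthScope.Any, so a missing role cannot widen access.
    final names = scopesByRole[user.role] ?? const <String>[];
    return names.map((name) => new AuthScope(name)).toList();
  }
}
```

With this mapping, a user whose role was never set, or whose role column was not fetched, is issued no scopes instead of inheriting everything the client allows.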


List<AuthScope> allowedScopesForAuthenticatable(
        Authenticatable authenticatable) =>
    AuthScope.Any;