A scope is an OAuth concept available through the OpenID Connect protocol. When a user authenticates via an OpenID Connect mechanism, Fluid Topics requests scopes from the OpenID Connect provider. Each scope is associated with one or more user profile properties.
In general, scopes defined in the OpenID protocol are associated with one property, while custom scopes can potentially be associated with several properties.
By default, Fluid Topics requests three scopes: openid, profile, and email. Since the OpenID protocol defines these scopes as standard, the OpenID provider can make them available. The following image shows the email and profile scopes that Keycloak provides in the Client Scopes tab of its user interface:
Successfully retrieving a scope depends on the provider's ability to make it available. If a scope is successfully retrieved, the associated user profile property (or properties) appears when running the configuration assistant in the Profile mappers section of the New realm drawer as follows:
