search

Scopes and Claims

Here you can see all the scopes and claims we support.

Scopes are permissions that give access to certain claims or APIs, the user can give access to other applications using those scopes. They can be configured using the Vulos Identity dashboard.

Claims can be accessed using the OpenID Connect userinfo endpoint or by using User.info() in the JavaScript SDK.

circle-info

See UserInfo for more information.

hashtag
User Info

GET https://identity.vulos.io/connect/userinfo

Use an access token to get claims appropriate to the scopes of the application that created the access token.

hashtag
Headers

Name
Type
Description

Authorization*

String

Bearer authentication with the access token obtained using OpenID Connect

{ "sub": "<guid>", ... }

hashtag
openid

This scope can be used to identify the user using the sub claim, which is a per-user unique identifier.

circle-exclamation

This is a required scope, meaning that if the user decides do use an app, they cannot restrict access to this scope if the app requires it.

// assuming you have done the correct setup and have an UserInfo instance
const userId = userInfo.sub() // there is an alias called id() as well

hashtag
email

This scope can be used to get the user's email and their email confirmation status.

circle-exclamation

This is a required scope, meaning that if the user decides do use an app, they cannot restrict access to this scope if the app requires it.

hashtag
profile

This scope can be used to get some personal information about the user.

circle-exclamation

This is a required scope, meaning that if the user decides do use an app, they cannot restrict access to this scope if the app requires it.

hashtag
profile:read

Provides access to the Profile API.

hashtag
address

This scope can be used to get the user's address.

hashtag
public

This scope can be used to get the user's trust level and KYC verification status.

circle-exclamation

This is a required scope, meaning that if the user decides do use an app, they cannot restrict access to this scope if the app requires it.

hashtag
private

This scope can be used to get the user's digital ID and national ID.

hashtag
wallet

This scope can be used to get the user's Ethereum and Velas wallet addresses.

hashtag
organization

The organization scope group is divided in 3 scopes:

  • organization:read which provides the claims organization:name and organization:id for all the organizations that the user has a membership for;

  • organization:roles which provides the organization:role claim for the roles that the user has in the application's associated organization;

  • organization:manage which provides access to the Organization API;

hashtag
organization:read

hashtag
organization:roles

circle-exclamation

This is a required scope, meaning that if the user decides do use an app, they cannot restrict access to this scope if the app requires it.

hashtag
organization:manage

This scope doesn't provide any claims, it just provides access to the following API:

Organization APIchevron-right

hashtag
kyc

The kyc scope group is divided in 2 scopes:

  • kyc:read which gives access to the KYC status and list APIs;

  • kyc:write which gives access to the KYC create and upload APIs;

KYC APIchevron-right

hashtag
event

The event scope group is divided in 3 scopes:

  • event:create which lets the application create event sessions;

  • event:read which lets the application read/subscribe to event sessions;

  • event:write which lets the application push events to a session;

PreviousOrganizationsNextIdentity JavaScript SDK

Last updated