Scope Restrictions

About Scope Restrictions

Scope Restrictions provide a mechanism to create an alias for a set of scopes and to define a set of Crossbar token restrictions.

A scope restriction is assigned by setting it in the scope_restrictions array on the user object.

Example Scope Restriction Document

This

{
  "_id": "support",
  "_rev": "15-2a48ea5cca7783dde1518f95a250a704",
  "pvt_type": "scope_restriction",
  "scopes": [
    "crossbar:read_only"
  ],
  "token_restrictions": {
    "_": [
      {
        "allowed_accounts": [
          "_"
        ],
        "rules": {
          "#": [
            "GET"
          ]
        }
      }
    ]
  }
}
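
The following Python audit is an added example, not part of the original documentation or the project's code. It checks that a scope restriction document matches the schema on this page and that a read-only alias only permits `GET` in its `token_restrictions` rules. It assumes that `_` is a match-anything wildcard (including for verbs) and that a scope name ending in `:read_only` signals read-only intent; the `DRIFTED` document and its `devices/*` rule are constructed for illustration.

```python
import copy

WRITE_VERBS = {"PUT", "POST", "PATCH", "DELETE"}
ANY = "_"  # assumption: "_" is a match-anything wildcard, including for verbs

# The "support" document from this page, reduced to the fields the audit reads.
SUPPORT = {
    "_id": "support",
    "pvt_type": "scope_restriction",
    "scopes": ["crossbar:read_only"],
    "token_restrictions": {
        "_": [{"allowed_accounts": ["_"], "rules": {"#": ["GET"]}}]
    },
}

# Constructed variant: a writable rule was later added to the same alias.
DRIFTED = copy.deepcopy(SUPPORT)
DRIFTED["token_restrictions"]["_"][0]["rules"]["devices/*"] = ["GET", "POST"]


def audit_scope_restriction(doc):
    """Return findings for one scope_restriction document (empty list = clean)."""
    findings = []
    if doc.get("pvt_type") != "scope_restriction":
        findings.append("pvt_type is not 'scope_restriction'")
    scopes = doc.get("scopes", [])
    if not isinstance(scopes, list) or not all(isinstance(s, str) for s in scopes):
        findings.append("scopes must be an array of strings")
        scopes = []
    # Assumption: a scope name ending in ':read_only' means only GET is intended.
    read_only = any(s.endswith(":read_only") for s in scopes)
    for endpoint, entries in doc.get("token_restrictions", {}).items():
        for idx, entry in enumerate(entries):
            for path, verbs in entry.get("rules", {}).items():
                risky = sorted(v for v in verbs if v.upper() in WRITE_VERBS or v == ANY)
                if read_only and risky:
                    findings.append(
                        f"token_restrictions[{endpoint!r}][{idx}] rule {path!r} "
                        f"allows {risky} under a read-only scope"
                    )
    return findings


if __name__ == "__main__":
    for name, doc in (("support", SUPPORT), ("drifted", DRIFTED)):
        print(name, audit_scope_restriction(doc) or "ok")
```

Running the audit over every document returned by the Fetch endpoint before and after a Change request shows whether an alias handed to support staff has drifted beyond its intended verbs.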

Schema

Crossbar Scope Restrictions Definition

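| Key | Description | Type | Default | Required | Support Level |
| --- | --- | --- | --- | --- | --- |
| id | Scope Restriction unique identifier | string() | | false | |
| scopes.[] | | string() | | false | |
| scopes | List of enforced scopes | array(string()) | [] | false | |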

Fetch

GET /v2/accounts/{ACCOUNT_ID}/scope_restrictions

curl -v -X GET \
    -H "X-Auth-Token: {AUTH_TOKEN}" \
    http://{SERVER}:8000/v2/accounts/{ACCOUNT_ID}/scope_restrictions

Create

PUT /v2/accounts/{ACCOUNT_ID}/scope_restrictions

curl -v -X PUT \
    -H "X-Auth-Token: {AUTH_TOKEN}" \
    http://{SERVER}:8000/v2/accounts/{ACCOUNT_ID}/scope_restrictions

Fetch

GET /v2/accounts/{ACCOUNT_ID}/scope_restrictions/{SCOPE_RESTRICTION}

curl -v -X GET \
    -H "X-Auth-Token: {AUTH_TOKEN}" \
    http://{SERVER}:8000/v2/accounts/{ACCOUNT_ID}/scope_restrictions/{SCOPE_RESTRICTION}

Change

POST /v2/accounts/{ACCOUNT_ID}/scope_restrictions/{SCOPE_RESTRICTION}

curl -v -X POST \
    -H "X-Auth-Token: {AUTH_TOKEN}" \
    http://{SERVER}:8000/v2/accounts/{ACCOUNT_ID}/scope_restrictions/{SCOPE_RESTRICTION}

Remove

DELETE /v2/accounts/{ACCOUNT_ID}/scope_restrictions/{SCOPE_RESTRICTION}

curl -v -X DELETE \
    -H "X-Auth-Token: {AUTH_TOKEN}" \
    http://{SERVER}:8000/v2/accounts/{ACCOUNT_ID}/scope_restrictions/{SCOPE_RESTRICTION}