Scopes and Permissions
Last updated November 26, 2025
Scopes define what data is included in the ID Token and whether to issue a Refresh Token. Permissions control what APIs and team resource an Access Token can interact with.
The following scopes are available:
| Scope | Description |
|---|---|
openid | Required permission, needed to issue an ID Token for user identification. |
email | Enabling this scope grants access to the user's email address in the ID Token. |
profile | Enabling this scope grants access to the user's basic profile information, including name, username, and profile picture, in the ID Token. |
offline_access | Enabling this scope issues a Refresh Token. |
Permissions for issuing API requests and interacting with team resources are currently in private beta.
Was this helpful?