Ory · OAuth Scopes

Ory OAuth Scopes

OAuth 2.0 derived

Ory publishes 3 OAuth 2.0 scopes via the authorizationCode flow. Scopes are the fine-grained permissions an application requests at authorization time to act against the Ory API on a user’s behalf.

Tokens are issued from https://hydra.demo.ory.sh/oauth2/token.

This index is generated from the provider’s OpenAPI security definitions (and, where available, its documented scope reference) and refreshes on every APIs.io network build. Browse every provider’s scopes at scopes.apis.io.

AuthenticationAuthorizationIdentityOAuth2OpenID ConnectOpen Source
Scopes: 3 Flows: authorizationCode Method: derived

OAuth endpoints

Authorization URL
https://hydra.demo.ory.sh/oauth2/auth
Token URL
https://hydra.demo.ory.sh/oauth2/token
Flows
authorizationCode

Scopes (3)

ScopeDescriptionFlows
offline A scope required when requesting refresh tokens (alias for `offline_access`) authorizationCode
offline_access A scope required when requesting refresh tokens authorizationCode
openid Request an OpenID Connect ID Token authorizationCode

Source

OAuth Scopes

ory-scopes.yml Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/ory-hydra-openapi.json
schemes:
- name: oauth2
  source: openapi/ory-hydra-openapi.json
  flows:
  - flow: authorizationCode
    authorizationUrl: https://hydra.demo.ory.sh/oauth2/auth
    tokenUrl: https://hydra.demo.ory.sh/oauth2/token
scopes:
- scope: offline
  description: A scope required when requesting refresh tokens (alias for `offline_access`)
  flows:
  - authorizationCode
  sources:
  - openapi/ory-hydra-openapi.json
- scope: offline_access
  description: A scope required when requesting refresh tokens
  flows:
  - authorizationCode
  sources:
  - openapi/ory-hydra-openapi.json
- scope: openid
  description: Request an OpenID Connect ID Token
  flows:
  - authorizationCode
  sources:
  - openapi/ory-hydra-openapi.json