Scopes
Defining Scopes

A scope is some resource (or a set of resources) that can be accessed only by authenticated users.  A scope has some name or identifier. The scope name is defined by scope provider (such as webAppOS or Google) that hosts the resources represented by a scope.

Examples

To be able to access resources within the given scope, certain authentication is required.  For instance, webAppOS "login" scope can be accessed after the user passes the login page.  Google's scopes can be accessed after entering Google account password and by allowing the given web application (such as webAppOS itself or its web apps) to access the required scopes (Google login page will inform the user about the requested scopes). Since authorizing scopes requires user's intervention, logically, webAppOS API functions for scopes are browser-based.

API Functions for Accessing Scopes

webAppOS provides a uniform mechanism to access webAppOS and third-party scopes.  The webappos.js script implements the following scope-related functions:

request_scopes

authenticates the user to use one or more particular scopes of the given provider.  For that, request_scopes loads the corresponding scopes driver and calls request_access (see Scopes Drivers, if you want to create your own drivers or get to know how drivers are implemented).

The driver can perform different actions depending on whether webAppOS is running in a serverfull or serverless mode (this is determined by checking whether some the webAppOS scopes such as "login" or "project_id"  were requested earlier).

See also: webappos.request_scopes

Code example:

webappos.request_scopes("webappos_scopes", "login").then( ()=>
webappos.request_scopes("google_scopes", "https://www.googleapis.com/auth/spreadsheets");
);
sign_out

Calls revoke_serverless_access() for all loaded scopes drivers, including "webappos_scopes", if it was loaded (thus, releasing the webAppOS "login"/"project_id" scope and redirecting to the login page).

The sign_out function DOES NOT release server-side scope tokens. This is done intentionally: tokens remain stored at the server side for future access (e.g., for re-mounting cloud drives on the next logon automatically).

See also: webappos.sign_out