Update OAuth.md
amabdulr authored Jan 7, 2025
1 parent b142b0a commit df40527
Showing 1 changed file with 36 additions and 0 deletions.
36 changes: 36 additions & 0 deletions docs/OAuth.md
Expand Up @@ -166,3 +166,39 @@ Follow these steps to revoke the token:
#### **RFC 7009**
The procedure to revoke an OAuth refresh token follows the RFC 7009 guidelines for OAuth 2.0 token revocation."
## OAuth scopes
OAuth scopes in OAuth 2.0 are used to define and limit the access rights granted to an access token.
When an integration requests authorization from an administrator, it must include a list of scopes that the integration seeks access to. The Meraki Dashboard presents these scopes to the admin during the authorization process, allowing them to approve or deny the request.
Using scopes, OAuth 2.0 offers a flexible and granular method for controlling access to resources. This enables the administrator to make informed decisions regarding the level of access granted to integrations. This mechanism supports the principle of least privilege, enhancing security and privacy.
Meraki provides the following two scopes:
1. **`config`**: This scope grants access to configuration features that influence the operation of the network and the overall network experience. The config scope dictates the end-user network experience and the functioning of Meraki devices, such as VPNs, VLANs, access controls, policies, SSIDs, and sensor names. Note that the `config` scope excludes admin-facing telemetry configurations, which are managed using telemetry scopes.
2. **`telemetry`**: This scope grants access to telemetry data and configurations that do not impact the end-user network experience. They include features like event logs, syslog, bandwidth utilization, client counts, and camera snapshots.
Note: The Meraki scopes can have either "read-only" or "write" permission levels.
| Category | Read | Write |
|-----------------------|--------------------------------|--------------------------------|
| **Dashboard** | dashboard:iam:config:read | dashboard:iam:config:write |
| | dashboard:iam:telemetry:read | dashboard:iam:telemetry:write |
| | dashboard:general:config:read | dashboard:general:config:write |
| | dashboard:general:telemetry:read | dashboard:general:telemetry:write |
| | dashboard:licensing:config:read | dashboard:licensing:config:write |
| | dashboard:licensing:telemetry:read | dashboard:licensing:telemetry:write |
| **Network** | sdwan:config:read | sdwan:config:write |
| | switch:config:read | switch:config:write |
| | wireless:config:read | wireless:config:write |
| | sdwan:telemetry:read | sdwan:telemetry:write |
| | switch:telemetry:read | switch:telemetry:write |
| | wireless:telemetry:read | wireless:telemetry:write |
| **IoT** | camera:config:read | camera:config:write |
| | sensor:config:read | sensor:config:write |
| | camera:telemetry:read | camera:telemetry:write |
| | sensor:telemetry:read | sensor:telemetry:write |
| **Endpoint Management (SM)** | sm:telemetry:read | sm:telemetry:write |
| | sm:config:read | sm:config:write |
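Review bot: the prose and the table in this hunk disagree on what a "scope" is. The text says "Meraki provides the following two scopes" (`config` and `telemetry`), but the table lists 22 distinct scope strings such as `dashboard:iam:config:read` and `sdwan:telemetry:write`. Rewording the sentence to something like "Meraki scopes are built from two categories, `config` and `telemetry`, combined with a product prefix and a permission level" would make the table the source of truth and avoid integrators requesting a bare `config` scope that does not exist. Two further gaps an integrator hardening for least privilege will hit: the note says levels are "read-only" or "write" but never states whether a `:write` scope implies the matching `:read` (if it does not, an integration needs both and the docs should say so; if it does, say that instead), and the `dashboard:*` rows use a four-segment form (`dashboard:iam:...`, `dashboard:general:...`, `dashboard:licensing:...`) whose middle segment is never explained while every other category uses three segments. Minor style points: the Endpoint Management rows list telemetry before config, the reverse of every other category, and the unchanged context line above (`...token revocation."`) carries a stray trailing `"` that could be dropped while touching this file.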
