LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What do the client_id, audience, and scope parameters specify in an OAuth authorization request?

client_id identifies which app is asking, audience names which API the token is for, and scope lists the specific permissions being requested.

These three parameters define who's asking, for access to what, and how much:

Parameter Meaning
client_id Public identifier of the app, pre-registered at the authorization server. Tells the AS which application this is.
audience The intended recipient/API of the resulting access token — which resource server it's good for.
scope The set of permissions requested (e.g. read:profile, email). Defines what the app may do with the user's data.

The client_id is not secret — it's baked into the app's JavaScript. The secret half is the client_secret, used later in the back-channel token exchange.

Tip: Scopes are why a consent screen can say "This app wants to: see your email and read your contacts" — each line is one requested scope.

Go deeper:

From Quiz: INTROL / Web Authentication: Cookies, OAuth 2.0 / OIDC & WebAuthn | Updated: Jul 14, 2026