Quasr
  • Introduction
    • Welcome to Quasr
    • Concepts
      • Flexible Authentication
      • User-Centric Privacy
      • Modern Development
    • Terminology
    • FAQs
  • Getting Started
    • Sign up with Quasr
    • Setup your tenant
      • Factor Configuration
      • Enrolling additional factors
      • Test with the Sample Client
      • Understanding Scopes & Scores
      • Setting up an API Client (M2M)
    • Connect your app
      • Hosted Login UI
      • Custom Login UI
      • Embedded Login UI
  • Account Administration
    • Introduction
    • Account & Billing
      • Metrics
    • Tenants
    • Usage & Statistics
    • Security
  • Tenant Administration
    • Introduction
    • Dashboard
    • Tenant Settings
    • Your Security
    • Accounts
      • Tenant Admins
    • Factors
      • Factors and Scoring
      • Username (ID)
      • Federation (OAuth2 / OIDC)
        • Apple
        • Facebook
        • GitHub
        • Google
        • LinkedIn
        • Slack
      • Time-based One-time Password (TOTP)
      • One-Time Password (OTP)
      • Password
      • Secret
    • Controls
      • Configuration
      • Permissions
      • Consents
      • Rules
    • Attributes
      • Capturing Claims
      • Sourcing Claims
      • Viewing Claims
      • Searching Claims / Users
      • Sharing Claims
    • Extensions
      • Synchronous
      • Asynchronous
    • Tokens
      • Session Token (OAuth 2.0)
      • Access Token (OAuth 2.0)
      • Refresh Token (OAuth 2.0)
      • ID Token (OIDC 1.0)
      • Consent Token
      • Authorization Code (OAuth 2.0)
    • Hosted Login Page
    • APIs
      • Authentication API
      • Management API (GraphQL)
  • Legal
    • Terms of Service
    • Acceptable Use Policy
    • DPA & Subprocessors
  • More Info
    • Standards
    • Security
      • Vulnerability Disclosure
      • Wall of Recognition
    • Support
    • Status
Powered by GitBook
On this page
  1. Tenant Administration

Controls

PreviousSecretNextConfiguration

Last updated 1 year ago

Controls are power-holding assets that accounts can obtain and grant to others. We currently have two types of controls we support:

  1. Scopes representing API access as defined as part of the OAuth 2.0 standard. Once an access token is issued it will generally hold a scope claim containing the granted scopes. The API will then inspect the scopes it contains and make an access decision. Hence it's key to understand meaning and enforcement happens at the API and not within Quasr. Scopes are generally just a string but we recommend a fully-qualified approach (so https://example.com/xyz).

  2. Legal controls represent acceptance of legal terms such as service Terms & Conditions, or any other documents or statements. Also legal controls are generally just strings but again here we recommend a fully-qualified approach where you could refer to a web page containing the text. As you'll notice legal controls are processed differently.

In your tenant you'll find three pre-provisioned controls:

  • Account Access (https://api.quasr.io/scopes/account) which provides access to an account own resources such as enrollments, consents, etc. via the Management API.

  • Admin Access (https://api.quasr.io/scopes/admin) which provides privileged access to the Management API though not all actions on other accounts are allowed to protect overall security and privacy guarantees.

  • OpenID Connect 1.0 (openid) which provides clients an identity token, on top of the standard OAuth 2.0 access token. It also provides access to an UserInfo endpoint though we currently don't provide this endpoint.

Management API for Controls

see

see

Postman Collection
GraphQL Voyager
Controls in the Quasr Tenant Admin UI