For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.

Configure a mandatory application scope

Configure a mandatory application scope to define application-specific authorization logic.

Before you begin

To use custom scope elements in your mandatory application scope, first map the required scope elements to security checks. See Mapping scope elements.


We can define a mandatory scope for our client application. When an application attempts to access a protected resource, the security framework maps the mandatory application scope to security checks. The framework runs these checks (if exist) in addition to the security checks of the requested resource scope. Follow the outlined procedure to define a mandatory application scope.



Define the mandatory application scope by using one of the following alternative methods:


After you successfully configure a mandatory application scope, we can see your defined mandatory application scope in the Mandatory Application Scope table on the application Security console page. In addition, we can see the mandatory-scope property definition in the application descriptor: in the console, go to the application Configuration Files tab. In the Application-Descriptor JSON File section we can see a copy of the application-descriptor JSON file. Search for the mandatoryScope property object in this file.

Parent topic: OAuth resource protection