What are the scope values ​​for an OAuth2 server?

To authorize the application, you need to call the URL for the OAuth2 authorization process. This URL lives in the API provider documentation. For example, Google has this URL:

https://accounts.google.com/o/auth2/auth

You also need to specify several query parameters at this link:

• cliend_id
• redirect_uri
• scope: , . , Facebook -. scope API. Gougle T scope - https://www.googleapis.com/auth/tasks. Google, scope https://www.googleapis.com/auth/tasks https://docs.google.com/feeds
• response_type: code - , , code , .
• state: , , (CSRF) . , (, ).

// Generate random value for use as the 'state'.  Mitigates
// risk of CSRF attacks when this value is verified against the
// value returned from the OAuth provider with the authorization
// code.
$_SESSION['state'] = rand(0,999999999);

$authorizationUrlBase = 'https://accounts.google.com/o/oauth2/auth';
$redirectUriPath = '/oauth2callback.php';

// For example only.  A valid value for client_id needs to be obtained 
// for your environment from the Google APIs Console at 
// http://code.google.com/apis/console.
$queryParams = array(
  'client_id' => '240195362.apps.googleusercontent.com',
  'redirect_uri' => (isset($_SERVER['HTTPS'])?'https://':'http://') .
                   $_SERVER['HTTP_HOST'] . $redirectUriPath,
  'scope' => 'https://www.googleapis.com/auth/tasks',
  'response_type' => 'code',
  'state' => $_SESSION['state'],
  'approval_prompt' => 'force', // always request user consent
  'access_type' => 'offline' // obtain a refresh token
);

$goToUrl = $authorizationUrlBase . '?' . http_build_query($queryParams);

// Output a webpage directing users to the $goToUrl after 
// they click a "Let Go" button
include 'access_request_template.php';

, Google -, :

https://developers.google.com/accounts/docs/OAuth2WebServer?hl=el#formingtheurl