In version 1.5.0 we introduced more advanced permissions in the form of “scopes”, because no locker is complete without a good lock and key. Scopes allow you to control what actions clients can perform on a LRS. In this blog post, I’ll explain how to create and modify scopes for a client, the scopes we currently have, and what the future holds for your locks and keys.

Changing Scopes

Within Learning Locker, a Client represents an Activity Provider using the LRS, like an Application or an LMS. Each Client is identified by a username and password which you can send via Basic Auth or OAuth. You can create Clients by following the steps below.

  1. Navigating to your LRS from the LRS list (in the top nav bar).

  2. Navigating to your clients by clicking “Manage Clients” (in the left nav bar).

  3. Creating a client by clicking the “Create Client” button (bottom of the page).

 

Once created you can then control the actions your clients can perform on your LRS by following the steps below.

  1. Click the “edit” (pencil) button next to your client.

  2. Select the scopes that you’d like your client to have from the list of scopes.

  3. Click the “Submit” button (bottom of the page).

Current Scopes

As you can see in the screenshot above, there are currently 7 scopes. We’ve started with these scopes because they’re already defined in the xAPI specification. The first of these scopes is the mother of all scopes and as such is appropriately called “all”. This scope allows the Client to perform all of the actions allowed by the other scopes.

The second of these scopes (all/read) is similar to the first, however it’s more like the Librarian of all scopes since it only allows the client to perform all of the reading actions allowed by the other scopes.

As their names suggest, the next three scopes are limited to reading and writing statements. The first “statements/write” allows the client to create new statements in the LRS. The next “statements/read” allows the client to read any statements in the LRS and the final scope “statements/read/mine” allows the client to read any of the statements created by itself.

The final two scopes relate to documents. The first “state” allows the client to read and write states via the State API, whilst the final scope “profile” allows the client to read and write activities and agents via their respective APIs.

Future Scopes

We hope to expand on these scopes to allow finer grained control over what clients can and can’t do. Right now we’d like some feedback from you (the community) about the current scopes and what actions you’d like to have control over. If you have some input, we’d love to hear it in the chat or on Github (using the enhancement template).