All Articles

Rollup ID Scopes Part 2: The Anatomy of a Rollup ID Scope

August 16, 2023
Adrian Maurer (@a11hard)

In our previous post, we introduced the concept of authorization scopes and their significance in the digital identity landscape. Today, we'll delve deeper into the structure of a Rollup ID scope, exploring its components and understanding its role in ensuring secure and user-centric access.

What Makes Up a Rollup ID Scope?

A scope in Rollup ID isn't just a random string of characters. It's a carefully structured descriptor that encapsulates specific permissions. Let's break down its anatomy:

  1. Resource Type: This defines the type of resource the scope pertains to. For instance, a profile scope might refer to user profile data, while a transaction scope might refer to user transaction history.
  2. Permission Level [coming soon]: This specifies the level of access granted. For example, read might allow viewing data, while write might allow modifying it.
  3. Context (Optional) [coming soon]: Some scopes might have an additional context, specifying conditions under which the scope is valid. For instance, a scope might be valid only for a specific time frame or within a particular application.

Diving Deeper into Rollup ID Scopes

Rollup ID offers a range of scopes tailored to various needs:

  • openid: A standard scope indicating the authorization request to be an OIDC request, providing an ID token as part of the token exchange.
  • profile: A standard scope indicating that basic profile claims, such as name and picture, will be included in the ID token and the responses of calls to the /userinfo endpoint.
  • email: This scope allows applications to request email addresses from users. The value of this claim comes from the connected account the user selects during authorization. Soon this will also allow users to mask email addresses.
  • connected_accounts: This scope indicates that the type and address of each connected account will be included in the ID token and the /userinfo endpoint response.
  • erc_4337 (smart contract wallet): This scope indicates that the blockchain address and name of smart contract wallets will be included in the ID token and the /userinfo endpoint response.

  • store (object storage) [coming soon]: This scope indicates the name an object storage namespace that can be used to store versioned data blobs.
  • kyc [coming soon]: This scope indicates that the app requires verified personal identifiable information for use cases like opening up a bank account.


Understanding the anatomy of a Rollup ID scope is foundational to grasping the power and flexibility of the Rollup ID authentication system. As we continue in this series, we'll explore common use cases for these scopes and best practices for implementing them in your applications.

Stay tuned for our next post, where we'll dive into common Rollup ID scopes and their real-world applications!

More Articles

View All

Experience the Future of Decentralized Identity with Rollup ID