Help Needed with Correct Scope Configuration for OAuth with OpenAI


I am currently working on integrating OAuth for an application that utilizes OpenAI’s services, but I’m facing challenges in configuring the correct scopes. I have a basic understanding of OAuth and have managed to set up the basic flow. However, I’m uncertain about the specific scopes required for my use case and how to correctly format them in the OAuth request.

Here’s what I’ve done so far:

  1. Set up the OAuth flow with a callback URL.
  2. Identified potential scopes such as text-generation and models-read based on my application’s requirements.

My main question is: How do I determine the precise scopes needed for my application, and what is the correct way to format these scopes in the OAuth authorization request?

Any advice or guidance on how to properly configure these scopes, especially in the context of OpenAI’s API, would be greatly appreciated. I am particularly interested in examples or best practices that I might not be aware of.

Thank you in advance for your assistance!


Hello & welcome to the forum!

It’s hard to say without more details on what your app is doing, but just speculating here—I don’t think you need to worry about configuring scopes, especially if, as you say, you’re not super confident with them.

Right now, ChatGPT doesn’t support requesting multiple different tokens for different endpoints, so it’ll just make one big token request upfront with all the scopes you need (which is what the ‘Scopes’ field in the UI is asking for, a comma-delimited list of scopes).

If you’re developing a brand-new backend service for OAuth, I probably wouldn’t bother separating out scopes for it and just have a single all scope, which you can probably ignore in the token request and just issue blank cheques to the app.

However, if you’re developing a ChatGPT action for an existing service which does require scopes, you should figure out what endpoints your Actions are accessing, then determine which scopes those endpoints need (usually from the docs for the existing service), then put that list of scopes in the ‘Scopes’ field in the UI.

If I got that totally wrong, can you please explain your architecture in a little more detail so I can understand what service you’re authing with, and whether you’re writing the OAuth endpoints yourself or connecting to existing ones?
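Added example, not part of the reply above and not OpenAI or ArcGIS code: one way to derive the least-privilege scope list from an OpenAPI schema by collecting only the scopes attached to the operations the Action calls. The schema, paths, operationIds, colon-style scope names and function names are constructed for illustration; the space-delimited form and the scope-token grammar come from RFC 6749 section 3.3, which goes beyond what the thread covers.

```python
import re

# RFC 6749 s3.3: scope-token = 1*NQCHAR (printable ASCII except space, '"' and '\')
SCOPE_TOKEN = re.compile(r'[\x21\x23-\x5B\x5D-\x7E]+')

# Constructed OpenAPI fragment; paths, operationIds and scope names are hypothetical.
SPEC = {
    "paths": {
        "/route": {"post": {"operationId": "solveRoute",
                            "security": [{"OAuth2": ["routing:solve"]}]}},
        "/places/near": {"get": {"operationId": "nearbyPlaces",
                                 "security": [{"OAuth2": ["places:read"]}]}},
        "/admin/users": {"get": {"operationId": "listUsers",
                                 "security": [{"OAuth2": ["admin:read"]}]}},
        # A display label like the ones quoted in this thread, used as a scope name.
        "/geocode": {"get": {"operationId": "geocode",
                             "security": [{"OAuth2": ["Geocoding (not stored)"]}]}},
    }
}

def scopes_for(spec, operation_ids):
    """Return (valid, invalid) scopes required by the operations actually called.

    Alternative security requirements on one operation are unioned for simplicity.
    """
    needed, invalid = set(), set()
    for path_item in spec["paths"].values():
        for op in path_item.values():
            if op.get("operationId") not in operation_ids:
                continue  # scopes of unused endpoints are never requested
            for requirement in op.get("security", []):
                for scope in requirement.get("OAuth2", []):
                    ok = SCOPE_TOKEN.fullmatch(scope)
                    (needed if ok else invalid).add(scope)
    return sorted(needed), sorted(invalid)

def ui_scopes_field(scopes):
    """Comma-delimited list, as the reply describes the 'Scopes' field in the UI."""
    return ",".join(scopes)

def authorization_scope_param(scopes):
    """Space-delimited list, the wire format of the OAuth 2.0 `scope` parameter."""
    return " ".join(scopes)

if __name__ == "__main__":
    valid, bad = scopes_for(SPEC, {"solveRoute", "nearbyPlaces", "geocode"})
    print("Scopes field:", ui_scopes_field(valid))
    print("Not valid scope tokens:", bad)
```

A name containing spaces cannot be sent as a single scope token, which is a quick check for whether a provider's listed "scopes" are real OAuth scopes or only display labels.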

I am trying to connect to ArcGIS…

      "securitySchemes": {
        "OAuth2": {
          "type": "oauth2",
          "flows": {
            "authorizationCode": {
              "authorizationUrl": "",
              "tokenUrl": "",
              "scopes": {
                "Basemaps": "Access to Basemap services",
                "Geocoding (not stored)": "Access to non-stored Geocoding services",
                "Places": "Access to Places services",
                "Routing": "Access to Routing services",
                "Service area": "Access to Service Area services"
              },…

…(Documentation | ArcGIS Developers)…and I am uncertain what to put in the auth for OpenAI actions.

I can’t find any information in their documentation that suggests ArcGIS require OAuth scopes, so you shouldn’t need to specify them.

Just FYI—the securitySchemes parameter doesn’t work right now, you have to configure your auth through the UI. If you open the GPT Editor to your GPT Actions, scroll down below the schema field and look for the ‘Authentication’ field. Click on that to configure those fields.


What do I put if there is no scope for OpenAI? What do I put in for scope if the API provider has none?

It doesn’t matter IIRC, it won’t be used