OAuth Scopes Review
OAuth permissions audit panel listing each app scope with a plain-English description, risk level, and a per-scope revoke affordance.
OAuth Scopes Review is the permissions audit panel for an installed Slack app. Six scopes are listed as ruled rows, each with its machine name in a mono chip, a risk-level badge, a plain-English description of what it lets the app do, and either a Revoke scope button or a Required by app note where granular revocation is not available. The panel header counts all six scopes, and a Revoke app button sits at the top right. A minimal-scope note at the bottom explains that revoking a scope disables only the feature that needs it, not the entire connection.
Scopes are a typed array with riskLevel and revocable fields. The plain-English description row is the detail that stops users from approving channels:history without realizing it means read messages and files in public channels.
Reach for this block on the integration detail page for any OAuth-connected app, wired to your token scopes API. Show it whenever a user has installed an app or is reviewing what an app can access.
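A sketch of the data model behind such a panel, as an added example that is not the block's own source: only the riskLevel and revocable field names come from the description above, while the catalogue entries, risk ratings and function names are assumptions. A granted scope that has no catalogue entry is rated high risk instead of being shown without a description.

```typescript
type RiskLevel = "low" | "medium" | "high";

interface GrantedScope { name: string; revocable: boolean }   // assumed shape of the token scopes API response
interface ScopeRow extends GrantedScope { description: string; riskLevel: RiskLevel }

// Constructed catalogue for illustration; the risk ratings are this example's own.
const CATALOGUE: Record<string, { description: string; riskLevel: RiskLevel }> = {
  "channels:history": { description: "Read messages and files in public channels", riskLevel: "high" },
  "chat:write": { description: "Send messages as the app", riskLevel: "medium" },
  "users:read": { description: "View people in the workspace", riskLevel: "low" },
};

const RISK_ORDER: Record<RiskLevel, number> = { high: 0, medium: 1, low: 2 };

// Join what the token actually holds with the catalogue to produce panel rows.
function buildScopeRows(granted: GrantedScope[]): ScopeRow[] {
  const rows = granted.map((g): ScopeRow => {
    // Own-property check so a scope named "constructor" or "__proto__"
    // cannot resolve to something inherited from Object.prototype.
    const known = Object.prototype.hasOwnProperty.call(CATALOGUE, g.name)
      ? CATALOGUE[g.name]
      : undefined;
    // Fail closed: an uncatalogued scope is high risk and says so.
    return known
      ? { name: g.name, revocable: g.revocable, description: known.description, riskLevel: known.riskLevel }
      : { name: g.name, revocable: g.revocable, description: "No plain-English description on file", riskLevel: "high" };
  });
  // Highest risk first, then by name, so risky grants are never buried.
  return rows.sort((a, b) =>
    RISK_ORDER[a.riskLevel] - RISK_ORDER[b.riskLevel] ||
    (a.name < b.name ? -1 : a.name > b.name ? 1 : 0));
}

// Text of the per-row affordance described above.
function rowAction(row: ScopeRow): string {
  return row.revocable ? "Revoke scope" : "Required by app";
}

// Scopes a reviewer should look at first: high risk and individually revocable.
function overGrantCandidates(rows: ScopeRow[]): string[] {
  return rows.filter((r) => r.riskLevel === "high" && r.revocable).map((r) => r.name);
}
```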
One strong use is the Slack app permissions review page.
Tip: plain-English scope descriptions are more honest than the raw scope string and prevent quiet over-grant at install time.