keycloak-scim/authorization_services/topics/policy-client-scope-policy-required-client-scope.adoc

[[_policy_client_scope_required]]
= Defining a Client Scope as Required

When creating a client scope-based policy, you can specify a specific client scope as `Required`. When you do that, the policy will grant access only if the client requesting access has been granted *all* the *required* client scopes.

.Example of Required Client Scope
image:{project_images}/policy/create-client-scope.png[alt="Example of Required Client Scope"]

To specify a client scope as required, select the `Required` checkbox for the client scope you want to configure as required.

Required client scopes can be useful when your policy defines multiple client scopes but only a subset of them are mandatory.
KEYCLOAK-17637 Client Scope Policy for authorization service 2021-04-05 06:12:11 +00:00			`[[_policy_client_scope_required]]`
			`= Defining a Client Scope as Required`

			When creating a client scope-based policy, you can specify a specific client scope as `Required`. When you do that, the policy will grant access only if the client requesting access has been granted all the required client scopes.

			`.Example of Required Client Scope`
			`image:{project_images}/policy/create-client-scope.png[alt="Example of Required Client Scope"]`

			To specify a client scope as required, select the `Required` checkbox for the client scope you want to configure as required.

			`Required client scopes can be useful when your policy defines multiple client scopes but only a subset of them are mandatory.`