VaporScope is a library to use Scope in Vapor.


Swift Package Manager

dependencies: [
    .package(url: "", from: "0.1.0"),



This library is built on the ScopeCarrier protocol which conforms to JWTPayload.

So, it is important that your project is using JWT for authentication.

Define a payload

To start, create a payload and let it conform to the ScopeCarrier.

For Example:

public struct User: ScopeCarrier {
    enum CodingKeys: String, CodingKey {...}
    public var subject: SubjectClaim
    public var expiration: ExpirationClaim
    public var scopes: [String]
    public func verify(using signer: JWTSigner) throws {...}
    public init(...) {...}

For more detail, go to ScopeCarrier+Testable.swift.


Encode and Decode

Based on JWTPayload, it’s for sure that you can encode or decode your payload for further transmission.

You should know how we get payload and decode it.

// Encode
let user = User(...)
let encode = try app.jwt.signers.sign(u)

// Decode
let payload = try request.jwt.verify(as:User.self)


let user = User(...)
try await User.authenticator().authenticate(jwt: user, for: request)

// OR

let user = User(...)
try await user.authenticate(request: request)


We usually create a Middleware helping login a user.

It is how: {
    $0.get(use: handler)


In this part we will show how to use VaporScope for Scope-based authentication.

In ScopeHandler.swift, we define the basic logic for assearting scopes. See ScopeHandler.assertScopes(_:carried:) for more detail.

As you can see, when we try to assert the scopes, we define that every required scope should be contained by carried scopes. Contained means a required scope should be satisfied by one of the carried scopes.


Every request has an independent authentication, so we need a method to check every request.

Use ScopeHandler to help you check every request.

try ScopeHandler(request: request).satisfied(with: ["all.part:read"], as: User.self)

// OR

try request.oauth.satisfied(with: self.scopes, as: User.self)


We also provide a better way to use ScopeHandler.

    User.guardMiddleware(with: ["one", "two"])
]).get("action", use: handler)


View Github