# Configuring your scope

## Introduction&#x20;

Scopes within the Passport Protocol act as programmable key management namespaces / configurations. By creating a scope you can:

* **Organise**: Keep your authentication methods and settings arranged in a clear way.
* **Control**: Set specific permissions and policies for each scope.
* **Customise**: Pick from authentication methods like OAuth, 2FA or more, that suit your needs.

## Setup&#x20;

Install `passport-scope-cli`

{% tabs %}
{% tab title="npm" %}

<pre class="language-bash"><code class="lang-bash"><strong>npm install -g passport-scope-cli
</strong></code></pre>

{% endtab %}

{% tab title="yarn" %}

```bash
yarn global add passport-scope-cli
```

{% endtab %}

{% tab title="pnpm" %}

```bash
pnpm install -g passport-scope-cli
```

{% endtab %}
{% endtabs %}

After installation, try `passport-scope` in your terminal to see if it is installed:

```bash
% passport-scope
Usage: passport-scope [options] [command]
```

Available Commands

* `-V, --version`: output the version number
* `-h, --help`: display help for command
* `create [options]`: Create a new scope based on the provided configuration.

## Commands

### **Generate Keys**

* Create a new keys for your scope if you haven't created one already.
* This should create two files
  * `<KEY_NAME>_pub.der`
  * `<KEY_NAME>_priv.der`

{% code overflow="wrap" %}

```bash
passport-scope generate-keys --name <KEY_NAME>
```

{% endcode %}

### **Create Scope**:

* This method creates a new scope based on the provided configuration file.
* Upon execution, you should receive a `scope_id` as output.
* The system generates a temporary random wallet for every scope.

{% code overflow="wrap" %}

```bash
passport-scope create --config-path ./<YOUR_CONFIG_FILE>.json --private-key ./<KEY_NAME>_priv.der --network testnet --verbose
```

{% endcode %}

**Note**: Always exercise caution with private keys. While the key isn't stored or used for any purpose other than signing, it's crucial to avoid using a private key that is already exposed with other services. Always opt for a freshly key pair dedicated solely to managing scopes.

Detailed configuration structures are as follows:

| Option        | Description                                                                                            |
| ------------- | ------------------------------------------------------------------------------------------------------ |
| --config-path | Path of the scope configuration content                                                                |
| --network     | The network you'd like to use can be testnet / mainnet / localhost                                     |
| --private-key | Path of the private key that is going to be the owner of the scope. If not provided, a new key pair is |

## Scope Configuration

Define the authentication rules for the scopes you own in JSON format.&#x20;

#### Passkeys

Here's a simple structure for a scope supporting Passkeys:

```json
{
  "rp": {
    "id": "demo.0xpass.io",
    "origin": "https://demo.0xpass.io/",
    "name": "Text Relying Party"
  },
  "policies":[]
}
```

Here are the components of the scope config

* rp: configurations for webauthn relaying party.&#x20;
  * id: the domain of where the passkey is generated
  * origin: full url of the domain
  * name: human readable name for the domain

## Keep track of your Scope ID

Upon successful creation of the scopes, take note of the `scope_id`.&#x20;

This `scope_id` is essential for initializing the Passport instance. For a comprehensive integration guide, please consult the [**Quickstarts** and **Examples** sections](/guides-and-examples/quickstarts-and-examples.md).

## Updating a Scope

Updating a scope is same as creating a scope, except you specify a scope id.

{% code overflow="wrap" %}

```bash
passport-scope update --scope-id ed5fdb5c-53f3-4a0f-a7af-53b0f09121bb --config-path ./<YOUR_CONFIG_FILE>.json --private-key ./<KEY_NAME>_priv.der --network testnet --verbose
```

{% endcode %}

## Next Steps&#x20;

Once you have your scope ID, you can now proceed to the appropriate authentication method sections to continue with your integration.&#x20;

* [#passkeys](#passkeys "mention")


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.0xpass.io/authentication/configuring-your-scope.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.