For applications that were discovered through OAuth, Torii shows the OAuth risk level associated with each application.

Those risk levels can be viewed from the security page.

About OAuth 2.0 Scopes

OAuth 2.0 uses scopes as a mechanism to limit an application's access to a user's account. An application can request one or more scopes, this information is then presented to the user in the consent screen, and the access token issued to the application will be limited to the scopes granted.

Torii Risk Levels

The risk levels are determined according to the OAuth scopes that the users have granted to the application to their G-Suite/Azure-AD/Slack accounts.

  • High: Apps with modify access

  • Medium: Apps with read only access to sensitive data

  • Low: Apps with read only access to non-sensitive data

Did this answer your question?