What is the meaning of scope = scope-token *( SP scope-token ) scope-token = 1*( %x21 / %x23-5B / %x5D-7E ) in RFC6749 about OAuth2

Question

What is the meaning of
scope = scope-token *( SP scope-token ) scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

in RFC6749 3.3. Access Token Scope?

Answer 1

so the way I interpret this is

scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

seems to be saying that a scope-token can be 1 or more ascii characters from the defined hex character ranges. So basically x21 (!) to x7E (~) but disallowing x22 (") and x5C (\). See here for a list of characters and their hex codes.

and

scope = scope-token *( SP scope-token )

suggests that scope is a scope-token (as defined above) appended with zero or many SP scope-tokens where SP is a space character.

So a valid scope string would be:

scope = i am 5 scopes !!!!

but these wouldn't be valid scope strings:

scope = "scope1" "scope2" "scope3"
scope = scope1\scope2\scope3

Answer 2

The expressions are ABNF.

RFC6749 8.1. Defining Access Token Types mentions it.