api – Allows access to the current, logged-in user’s account using APIs, such as REST API and Bulk API. This value also includes chatter_api, which allows access to Chatter REST API resources.
chatter_api – Allows access to Chatter REST API resources only.
custom_permissions – Allows access to the custom permissions in an organization associated with the connected app, and shows whether the current user has each permission enabled.
full – Allows access to all data accessible by the logged-in user, and encompasses all other scopes. full does not return a refresh token. You must explicitly request the refresh_token scope to get a refresh token.
id – Allows access to the identity URL service. You can request profile, email, address, or phone, individually to get the same result as using id; they are all synonymous.
openid – Allows access to the current, logged in user’s unique identifier for OpenID Connect apps.
Use the openid scope in the OAuth 2.0 user-agent flow and the OAuth 2.0 web server authentication flow to receive a signed ID token conforming to the OpenID Connect specifications in addition to the access token.
refresh_token – Allows a refresh token to be returned when you are eligible to receive one. Then the app can interact with the user’s data while the user is offline, and is synonymous with requesting offline_access.
visualforce – Allows access to customer-created Visualforce pages. Doesn’t allow access to standard Salesforce UIs.
web – Allows the ability to use the access_token on the web, and includes visualforce, allowing access to customer-created Visualforce pages.
Reference Link – https://help.salesforce.com/articleView?id=sso_provider_addl_params_scope.htm&type=5
