Azure AD | Tokens

Abhay Chandramouli 1,056 Reputation points
2023-10-17T12:32:41.05+00:00

Hi

I have the following requirement.

I want to send multiple scopes to the /token endpoint in Azure AD, like scope = token.read token.write, and I expect these roles to come back in the scp claim or the roles claim for a backend app registration.

Please let me know the steps for this.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
    2023-10-17T16:53:14.3633333+00:00

    Hello @Abhay Chandramouli, scopes/permissions requested from Entra ID (formerly Azure AD) are returned inside the scp claim for users and roles for applications. It's possible to issue an access token for multiple scopes/permissions provided the resource is the same. E.g. ?scope=https://myapi/token.read+https://myapi/token.write. Here https://myapi is the resource.

    Take a look at the following links for more information on how to:

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.
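
The single-resource rule from the answer above and the matching claim check on the backend, as an added Python example that is not part of the original thread. The function names are hypothetical, the claim dictionaries are constructed samples, and signature, issuer and audience validation of the token are assumed to have been done before these checks run.

```python
from urllib.parse import parse_qs

# OIDC scopes carry no resource prefix and may accompany any resource's scopes.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

def split_scopes(query: str) -> tuple[str, set[str]]:
    """Parse a token-request query string into (resource, permission names).

    Raises ValueError unless all scopes target exactly one resource.
    Assumption of this example: scopes must be fully qualified (resource/name)."""
    values = parse_qs(query.lstrip("?")).get("scope", [""])
    by_resource: dict[str, set[str]] = {}
    for scope in values[0].split():  # parse_qs already decoded '+' to a space
        if scope in OIDC_SCOPES:
            continue
        resource, sep, name = scope.rpartition("/")
        if not sep or not resource or not name:
            raise ValueError(f"scope has no resource prefix: {scope!r}")
        by_resource.setdefault(resource, set()).add(name)
    if len(by_resource) != 1:
        raise ValueError(f"expected one resource, got {sorted(by_resource)}")
    return next(iter(by_resource.items()))

def granted_permissions(claims: dict) -> set[str]:
    """Collect permissions from scp (space-separated string, user tokens)
    and roles (list of strings, application tokens)."""
    scp = claims.get("scp", "")
    roles = claims.get("roles", [])
    granted = set(scp.split()) if isinstance(scp, str) else set()
    if isinstance(roles, list):
        granted |= {r for r in roles if isinstance(r, str)}
    return granted

def authorize(claims: dict, required: set[str]) -> bool:
    """True only if every required permission is present in the token."""
    return required <= granted_permissions(claims)

# Constructed sample claims, shaped like a decoded access-token payload.
USER_TOKEN = {"aud": "https://myapi", "scp": "token.read token.write"}
APP_TOKEN = {"aud": "https://myapi", "roles": ["token.read"]}

if __name__ == "__main__":
    resource, names = split_scopes(
        "?scope=https://myapi/token.read+https://myapi/token.write")
    print(resource, sorted(names), authorize(USER_TOKEN, names))
```
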

