Hello @Abhay Chandramouli , scopes/permissions requested to Entra ID (formerly Azure AD) are returned inside the scp
claim for users and roles
for applications. It's possible to issue an access token for multiple scopes/permissions provided the resource is the same. Eg. ?scope=https://myapi/token.read+https://myapi/token.write.
Here https://myapi
is the resource.
Take a look to the following links for more information on how to:
- Expose custom user/delegated permissions
- Expose custom application permissions
- Request an access token as a user
- Request an access token
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.