I want to get an access token with all my scopes in it.

Iulian David 0 Reputation points

I want to get an access token with all my scopes in it. I have opened email offline_access profile User.Read and an API one api://[myapi]/Domino.user.all. When I call the authorisation flow with code with all but my API scope, I do see the scopes. When I also add my API scopes, the rest of them disappear from the token, so that I see only my custom one:

"scp": "Domino.user.all",

The result when I add all the scopes and my API one

"scp": "email offline_access profile User.Read", when I don't add my API scope.

How can I get all the scopes in the token?

Microsoft Entra ID

1 answer

  1. Navya 1,285 Reputation points Microsoft Vendor

    Hi @Iulian David

    Thank you for posting this in Microsoft Q&A.

    I understand you want to get an access token with all your scopes in it.

    The scopes openid, email, offline_access, profile and user.read are under the Microsoft Graph API, and the API one, api://[myapi]/Domino.user.all, is an Application scope.

    It is not possible to include scopes for different resources in the same Azure AD access token request, because access tokens are issued based on API audiences. One token cannot have multiple API audiences; you need to obtain separate access tokens for different types of scopes.

    For more information, please refer to this document: https://learn.microsoft.com/en-us/entra/identity-platform/scopes-oidc#openid-connect-scopes

    Hope this helps. Do let us know if you have any further queries.



    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
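The one-token-per-audience rule from the answer, as an added example that is not part of the original thread or Microsoft's code: it splits the scope string from the question by resource and builds one refresh-token request per resource against the v2.0 token endpoint. It assumes a public client that received a refresh token via `offline_access`; the tenant, client ID and refresh token values are placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlencode

# OpenID Connect scopes are not tied to a resource API.
OIDC_SCOPES = {"openid", "email", "profile", "offline_access"}
# A scope without a resource prefix is treated as a Microsoft Graph scope.
GRAPH = "https://graph.microsoft.com"
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def split_scopes(scopes):
    """Return (oidc_scopes, {resource: [scopes]}) for a space-separated scope string."""
    oidc, by_resource = [], {}
    for scope in scopes.split():
        if scope.lower() in OIDC_SCOPES:
            oidc.append(scope)
            continue
        # "api://[myapi]/Domino.user.all" -> resource "api://[myapi]"
        resource = scope.rsplit("/", 1)[0] if "/" in scope else GRAPH
        by_resource.setdefault(resource, []).append(scope)
    return oidc, by_resource


def refresh_requests(scopes, tenant, client_id, refresh_token):
    """Build one refresh-token request per resource: (resource, url, form body)."""
    oidc, by_resource = split_scopes(scopes)
    url = TOKEN_URL.format(tenant=tenant)
    requests = []
    for resource, res_scopes in by_resource.items():
        form = {
            "grant_type": "refresh_token",
            "client_id": client_id,
            "refresh_token": refresh_token,
            # Scopes of exactly one resource, plus the resource-neutral OIDC scopes.
            "scope": " ".join(res_scopes + oidc),
        }
        # A confidential client would also send its client credential here.
        requests.append((resource, url, urlencode(form)))
    return requests


if __name__ == "__main__":
    # Constructed input: the scope list from the question, with placeholder IDs.
    wanted = "email offline_access profile User.Read api://[myapi]/Domino.user.all"
    for resource, url, body in refresh_requests(
        wanted, "TENANT_ID_PLACEHOLDER", "CLIENT_ID_PLACEHOLDER", "REFRESH_TOKEN_PLACEHOLDER"
    ):
        print(resource, "-> POST", url)
        print("   ", body)
```

Each request yields an access token for a single audience, so the API behind `api://[myapi]` should only ever be sent the token obtained for its own scope.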