This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 73%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKK%3C/text%3E%3C/svg%3E)
Hi,
I am using postman as provided below to fetch oauth token for getting access for SharePoint REST APIs.
I have provided scope as User.Read.All .
But when I am getting access token, in the scope section I am getting all the scopes which are available for the application(registered in azure).
Is there any way to restrict the access token to the specified scope as provided in the screenshot1?
Please suggest.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 7.000000000000001%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMM%3C/text%3E%3C/svg%3E)
Hi @Karteek Koraganji ,
Got the same result as yours on my end. Looks like we cannot restrict specified scope for access token.
As a workaround, you could register a new app in AAD and grant specified permission.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @Michael Han-MSFT,
The work around will not work in our scenario. There are many users(accounts) with different scopes and creating new app in AAD will create many multiple similar apps(permissions vary but serving the same purpose) in AAD.
Is there any other work around available with out creating new app?
Another choice is using Graph api instead of SharePoint Rest API.
In graph api auth, you could restrict scope: https://learn.microsoft.com/en-us/graph/auth-v2-user
Hi @Karteek Koraganji ,
Is there anything update? If my reply helps you, you could accept it as answer :)