I am testing an OAuth integration using the OAuth v2.0 endpoints.
In my initial request to oauth2/v2.0/authorize I am sending a request containing the following scopes: User.Read, offline_access, Files.Read.All
And then for the second token endpoint oauth2/v2.0/token, I pass the code from the authorize step, along with authorization_code and the
The response returned contains the access_token & the refresh_token as expected, but the returned list of scopes doesn't contain offline_access. Is it a bug? Or is that expected and just some misunderstanding on my part?
My returned list of scopes is as follows:
"scope":"Files.Read.All openid User.Read profile email"