Determining the scope
- Last Updated: December 17, 2020
- 1 minute read
Scope refers to the permissions associated with an application. These permissions are specified when registering your application on the Azure portal. For Microsoft Identity Platform (v2) provisioning, scope must be specified in order to retrieve the refresh token needed for implementing a refresh token grant.
The value of the scope may consist of an OAuth scope or a space-separated list of OAuth scopes. The following syntax applies.
resource_uri/scope_name offline_access […]
where:
- resource_uri
- is the URI for your SharePoint site and is found at the start of the ServiceURL. For example, https://mycorp.sharepoint.com is the resource URI for the ServiceURL https://mycorp.sharepoint.com/sites/marketing/global.
- scope_name
- is the name of a scope being enforced against the SharePoint site.
- offline_access
- is a scope that enables prolonged access to resources on behalf of a user. This scope must be included if you are retrieving a refresh token.
Example
The following example shows the scope for a SharePoint site with the .default and offline_access scopes.
Scope=https://mycorp.sharepoint.com/.default offline_access
Note: The .default scope is a Microsoft Identity Plaform
scope that refers to the static list of permissions configured on the application
registration. Refer to Microsoft Identity Plaform documentation for further
details.