Scope refers to the permissions associated with an application. Scope is determined by your SharePoint administrator. If the Microsoft Identity Platform (v2) is being used to provision users and manage application access, then scope must be specified using the Scope property when retrieving the OAuth tokens necessary for connecting to a SharePoint site.

The value of the Scope property may consist of a single OAuth scope or a space-separated list of OAuth scopes. The following syntax applies to each scope specified by the Scope property.

resource_uri/scope_name offline_access […]

where:

resource_uri
is the URI for your SharePoint site and is found at the start of the ServiceURL. For example, https://mycorp.sharepoint.com is the resource URI for the ServiceURL https://mycorp.sharepoint.com/sites/marketing/global.
scope_name
is the name of a scope being enforced against the SharePoint site.
offline_access
is a scope that enables prolonged access to resources on behalf of a user. This scope must be included if you are retrieving a refresh token.

Example

The following example shows the scope for a SharePoint site with the .default and offline_access scopes.

Scope=https://mycorp.sharepoint.com/.default offline_access

Note: The .default scope is a Microsoft Identity Platform scope that refers to the static list of permissions configured on the application registration. Refer to Microsoft Identity Platform documentation for further details.
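
The following added example, which is not part of the driver or its documentation, derives the resource URI from a ServiceURL, builds a Scope value in the syntax above, and checks an existing value for a mismatched resource URI or a missing offline_access. The helper names resource_uri, build_scope and check_scope are hypothetical, and the warning about an unneeded offline_access is a least-privilege choice made for this example.

```python
# Added example: helper names are hypothetical, not part of the driver.
from urllib.parse import urlsplit

OFFLINE_ACCESS = "offline_access"

def resource_uri(service_url):
    """Return the scheme and host found at the start of the ServiceURL."""
    parts = urlsplit(service_url)
    if parts.scheme != "https" or not parts.hostname or parts.username:
        raise ValueError(f"expected a plain https ServiceURL: {service_url!r}")
    port = f":{parts.port}" if parts.port else ""
    return f"https://{parts.hostname}{port}"

def build_scope(service_url, scope_names, refresh_token=False):
    """Build a Scope value as resource_uri/scope_name [...] [offline_access]."""
    base = resource_uri(service_url)
    scopes = [f"{base}/{name}" for name in scope_names]
    if refresh_token:
        scopes.append(OFFLINE_ACCESS)  # required when retrieving a refresh token
    return " ".join(scopes)

def check_scope(service_url, scope_value, refresh_token=False):
    """Return a list of problems found in an existing Scope value."""
    base = resource_uri(service_url)
    entries = scope_value.split()
    resource_scopes = [s for s in entries if s != OFFLINE_ACCESS]
    problems = []
    if not resource_scopes:
        problems.append("no resource scope specified")
    for scope in resource_scopes:
        prefix, _, name = scope.rpartition("/")
        if prefix.lower() != base or not name:
            problems.append(f"{scope}: resource URI is not {base}")
    if refresh_token and OFFLINE_ACCESS not in entries:
        problems.append("offline_access is missing but a refresh token is expected")
    # Least-privilege check chosen for this example, not a driver rule.
    if not refresh_token and OFFLINE_ACCESS in entries:
        problems.append("offline_access is requested but no refresh token is needed")
    return problems

if __name__ == "__main__":
    url = "https://mycorp.sharepoint.com/sites/marketing/global"  # from the page
    print("Scope=" + build_scope(url, [".default"], refresh_token=True))
    # Constructed mistake: the full ServiceURL used as the resource URI.
    for problem in check_scope(url, url + "/.default", refresh_token=True):
        print("problem:", problem)
```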