Oct 17 2020
02:05 PM
- last edited on
Jan 14 2022
04:28 PM
by
TechCommunityAP
Oct 17 2020
02:05 PM
- last edited on
Jan 14 2022
04:28 PM
by
TechCommunityAP
I believe V2 AUTHZ endpoints issue V1 access tokens if the client's scope items are for an API that is only V1 compliant (e.g. Graph).
But does it mean that, for example, the token merely has the V1 claim fields and not the V2 ones, or that the V2 endpoint behaves exactly like a V1 endpoint in that it ignores client scopes and acts as if 'resource' was specified (i.e. selects all the static permissions specified for that client in AAD)