Overview

We use Privileged Scope when the Authorization Server grants an additional OAuth Scope which was NOT requested by the OAuth Client.
The Privileged Scope may be granted based on the:

* Resources that are publicly available for any Authenticated Resource Owner that is also a customer. When the Resource Owner is utilizing Social Login, the Authorization Server may determine this user is also a Customer. The Authorization Policy says that any Customer may be granted the "read_premium" OAuth Scope. So the Authorization Server would grant the Privileged Scope "read_premium".
* acr implies which Authentication Method was used. The Authorization Server could grant some "elevated" OAuth Scopes based on the Authorization Policy and the Multi-Factor Authentication used.
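
One way an Authorization Server could evaluate such an Authorization Policy, as an added example that is not part of the original page or any product's code. The acr value, the "write_sensitive" scope, the function names and the rule that policy-added scopes stay within the OAuth Client's registered scopes are assumptions of this sketch; only "read_premium" comes from the text above.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed policy for illustration. "read_premium" is the page's example;
# the acr value and "write_sensitive" are hypothetical.
CUSTOMER_SCOPES = {"read_premium"}
ACR_SCOPES = {"urn:example:acr:mfa": {"write_sensitive"}}


@dataclass
class AuthContext:
    is_customer: bool       # resolved by the Authorization Server, e.g. after Social Login
    acr: Optional[str]      # how the Resource Owner authenticated


def grant_scopes(requested, client_allowed, ctx):
    """Return (granted, privileged): all scopes issued, and those added by policy."""
    allowed = set(client_allowed)
    granted = set(requested) & allowed          # never exceed client registration
    eligible = set(ACR_SCOPES.get(ctx.acr, set()))
    if ctx.is_customer:
        eligible |= CUSTOMER_SCOPES
    # Assumption of this example: policy-added scopes are also capped by the
    # client's registration, so a grant cannot widen what the client may hold.
    privileged = (eligible & allowed) - set(requested)
    return granted | privileged, privileged


def token_response(requested, client_allowed, ctx, access_token="TOKEN-PLACEHOLDER"):
    """Build the token response body; include scope when it differs from the request."""
    granted, privileged = grant_scopes(requested, client_allowed, ctx)
    body = {"access_token": access_token, "token_type": "Bearer"}
    if granted != set(requested):
        # RFC 6749 section 5.1: the server tells the client the scope actually issued.
        body["scope"] = " ".join(sorted(granted))
    return body, sorted(privileged)             # second value is for the audit log


if __name__ == "__main__":
    ctx = AuthContext(is_customer=True, acr="urn:example:acr:mfa")
    print(token_response(["profile"], ["profile", "read_premium"], ctx))
```

Returning the Privileged Scopes separately lets the Authorization Server record which scopes were added by policy rather than requested, which is the part an audit of token grants needs to see.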