Overview
Implicit Scopes (also referred to as Privileged Scope) are OAuth Scopes granted by the Authorization Server, based on Authorization Policy, to the Resource Owner or to the OAuth Client acting on the Resource Owner’s behalf. Granting them may be a Trust Elevation event. The Implicit Scopes may be granted based on the:
- context of the OAuth Client
- context of the Resource Owner
- Authorization Policy
Implicit Scopes Examples
An application may have some Resources that are publicly available for any Authenticated Resource Owner that is also a customer. When the Resource Owner is utilizing Social Login, the Authorization Server may determine that this user is also a Customer. The Authorization Policy says that any Customer may be granted the "read_premium" OAuth Scope, so the Authorization Server would grant the Implicit Scope "read_premium".

An application may have some Resources that are publicly available for any Authenticated Resource Owner. A "read" Implicit Scope could be granted in the Access Token without being requested.
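The two examples above, as an added sketch of how an Authorization Server could compute the granted scopes (example code, not taken from any particular server). The names `ResourceOwner`, `Client`, `IMPLICIT_POLICY`, `grant_scopes` and `token_response` are hypothetical, the "profile" scope and all sample data are constructed, and consent for explicitly requested scopes is assumed to be handled elsewhere.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ResourceOwner:
    subject: str
    authenticated: bool
    is_customer: bool = False  # e.g. resolved by the server after a Social Login

@dataclass(frozen=True)
class Client:
    client_id: str
    allowed_scopes: frozenset  # ceiling: scopes this client may ever carry

# Hypothetical Authorization Policy: implicit scope -> rule over the Resource Owner.
IMPLICIT_POLICY = {
    "read": lambda ro: ro.authenticated,
    "read_premium": lambda ro: ro.authenticated and ro.is_customer,
}

def grant_scopes(requested, client, owner, policy=IMPLICIT_POLICY):
    """Return (granted, implicit): all granted scopes and those added unrequested."""
    requested = set(requested)
    # Policy-controlled scopes are decided by the policy alone, so asking for
    # "read_premium" does not help a Resource Owner who is not a customer.
    explicit = {s for s in requested if s in client.allowed_scopes and s not in policy}
    by_policy = {s for s, rule in policy.items()
                 if s in client.allowed_scopes and rule(owner)}
    return explicit | by_policy, by_policy - requested

def token_response(access_token, requested, client, owner):
    granted, implicit = grant_scopes(requested, client, owner)
    # RFC 6749 section 5.1: "scope" is REQUIRED in the response when the granted
    # scope differs from the requested one, so implicit scopes are reported back.
    return {"access_token": access_token, "token_type": "Bearer",
            "scope": " ".join(sorted(granted))}, implicit

# Constructed sample data
app = Client("web-app", frozenset({"profile", "read", "read_premium"}))
customer = ResourceOwner("alice", authenticated=True, is_customer=True)
visitor = ResourceOwner("bob", authenticated=True)

if __name__ == "__main__":
    print(token_response("example-token", ["profile"], app, customer))
    print(token_response("example-token", ["profile", "read_premium"], app, visitor))
```

Returning the implicit set separately lets the server log each unrequested grant, which is useful when such a grant is treated as a Trust Elevation event.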