Overview#

Implicit Scopes (also referred to as Privileged Scope) are OAuth Scopes granted by the Authorization Server based on Authorization Policy for Resource Owner, or a the OAuth Client on Resource Owner’s behalf and may be a Trust Elevation event

The Implicit Scopes may be granted based on the:

• context of the OAuth Client
• context of the Resource Owner
• Authorization Policy

Implicit Scopes Examples#

An application may have some Resources that are publicly available for any Authenticated Resource Owner that is also a customer.

When the Resource Owner is utilizing Social Login the Authorization Server may determine this user is also a Customer. The Authorization Policy says that any Customer may be granted the "read_premium" OAuth Scope. So the Authorization Server would grant the Implicit Scopes "read_premium". An application may have some Resources that are publicly available for any Authenticated Resource Owner.

A "read" Implicit Scopes could be granted in the Access Token without being requested.

Multi-Factor Authentication Example#

The acr implies how the Authentication Method used. The Authorization Server could grant some "elevated" OAuth Scopes based on the Authorization Policy and the Multi-Factor Authentication used.

More Information#

There might be more information for this subject on one of the following:

• OAuth Scope Example
• OAuth Scopes