Overview#
Scp (Scopes) Claim is described in OAuth 2.0 Token Exchange as an array of strings, each of which represents an OAuth Scope granted for the issued security token.Each array entry of the claim value is a scope-token, as defined in Section 3.3 of OAuth 2.0 RFC 6749.
The following example illustrates the "scp" claim within a JWT Claims Set with four scope-tokens.
{ "aud":"https://consumer.example.com", "iss":"https://issuer.example.com", "exp":1443904177, "nbf":1443904077, "sub":"dgaf4mvfs75Fci_FL3heQA", "scp":["email","address","profile","phone"] }