!!! Overview
[{$pagename}] (also referred to as [Privileged Scope]) are [OAuth Scopes] granted by the [Authorization Server] based on [Authorization Policy] for [Resource Owner], or a the [OAuth Client] on [Resource Owner]’s behalf and may be a [Trust Elevation] [event]


The [{$pagename}] may be granted based on the:
* [context] of the [OAuth Client]
* [context] of the [Resource Owner]
* [Authorization Policy]

!! [{$pagename}] [Examples]
An application may have some [Resources] that are publicly available for any [Authenticated] [Resource Owner] that is also a [customer].


When the [Resource Owner] is utilizing [Social Login] the [Authorization Server] may determine this user is also a [Customer]. The [Authorization Policy] says that any [Customer] may be granted the "read_premium" [OAuth Scope]. So the [Authorization Server] would grant the [{$pagename}] "read_premium".
An application may have some [Resources] that are publicly available for any [Authenticated] [Resource Owner].


A "read" [{$pagename}] could be granted in the [Access Token] without being requested.

!! [Multi-Factor Authentication] [Example]
The [acr] implies how the [Authentication Method] used. The [Authorization Server] could grant some "elevated" [OAuth Scopes] based on the [Authorization Policy] and the [Multi-Factor Authentication] used.


!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]