Overview#
Implicit Scopes (also referred to as Privileged Scopes) are OAuth Scopes granted by the Authorization Server based on the Authorization Policy, either to the Resource Owner or to the OAuth Client acting on the Resource Owner's behalf, without the client having requested them. Granting an Implicit Scope may be a Trust Elevation event.
Implicit Scopes may be granted based on the following:
An application may have some Resources that are available to any Authenticated Resource Owner who is also a customer. When the Resource Owner is using Social Login, the Authorization Server may determine that this user is also a Customer. If the Authorization Policy says that any Customer may be granted the "read_premium" OAuth Scope, the Authorization Server grants the Implicit Scope "read_premium".
An application may have some Resources that are available to any Authenticated Resource Owner. A "read" Implicit Scope could then be granted in the Access Token without being requested.
The acr (Authentication Context Class Reference) indicates which Authentication Method was used. The Authorization Server could grant some "elevated" OAuth Scopes based on the Authorization Policy and the Multi-Factor Authentication method used.
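The three cases above (any authenticated user, customers, and an acr that signals Multi-Factor Authentication) as a small policy evaluator. This is an added example, not code from the original page; the attribute names, the acr values and the "manage_account" elevated scope are assumptions made for illustration, only "read" and "read_premium" come from the text.

```python
from dataclasses import dataclass

# Assumed acr values (constructed for this example).
ACR_PASSWORD = "urn:example:acr:password"
ACR_MFA = "urn:example:acr:mfa"

# Scopes a client may obtain by requesting them, subject to policy.
REQUESTABLE_SCOPES = {"read", "write", "profile", "read_premium"}

# "Elevated" scopes (assumed name) are never requestable; they are only
# granted implicitly when the acr shows Multi-Factor Authentication.
MFA_ELEVATED_SCOPES = {"manage_account"}


@dataclass
class ResourceOwner:
    subject: str
    authenticated: bool
    is_customer: bool = False
    acr: str = ACR_PASSWORD


def implicit_scopes(owner: ResourceOwner) -> set:
    """Scopes the Authorization Policy adds without any client request."""
    granted = set()
    if not owner.authenticated:
        return granted
    granted.add("read")                     # any Authenticated Resource Owner
    if owner.is_customer:
        granted.add("read_premium")         # any Customer
    if owner.acr == ACR_MFA:
        granted |= MFA_ELEVATED_SCOPES      # Trust Elevation via MFA
    return granted


def grant_scopes(owner: ResourceOwner, requested) -> set:
    """Scopes placed in the Access Token: allowed explicit + implicit."""
    if not owner.authenticated:
        return set()
    explicit = set(requested) & REQUESTABLE_SCOPES
    if not owner.is_customer:
        explicit.discard("read_premium")    # policy: customers only
    return explicit | implicit_scopes(owner)


if __name__ == "__main__":
    social = ResourceOwner("alice", True, is_customer=True)
    print(sorted(grant_scopes(social, ["profile"])))
    # ['profile', 'read', 'read_premium']
```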