From c3a805d7d7da4420e273eae7a049a7d85e5502cc Mon Sep 17 00:00:00 2001 From: Noel Tiangco Date: Thu, 23 Jan 2025 09:55:05 -0500 Subject: [PATCH] Update scopes-oidc.md redundant. paragraph deleted is repeated in the NOTE section just a paragraph below it --- docs/identity-platform/scopes-oidc.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/identity-platform/scopes-oidc.md b/docs/identity-platform/scopes-oidc.md index a4d8dc68391..c55a7797d10 100644 --- a/docs/identity-platform/scopes-oidc.md +++ b/docs/identity-platform/scopes-oidc.md @@ -37,8 +37,6 @@ When a resource's functionality is chunked into small permission sets, third-par In OAuth 2.0, these types of permission sets are called *scopes*. They're also often referred to as *permissions*. In the Microsoft identity platform, a permission is represented as a string value. An app requests the permissions it needs by specifying the permission in the `scope` query parameter. Identity platform supports several well-defined [OpenID Connect scopes](#openid-connect-scopes) and resource-based permissions (each permission is indicated by appending the permission value to the resource's identifier or application ID URI). For example, the permission string `https://graph.microsoft.com/Calendars.Read` is used to request permission to read users calendars in Microsoft Graph. -In requests to the authorization server, for the Microsoft identity platform, if the resource identifier is omitted in the scope parameter, the resource is assumed to be Microsoft Graph. For example, `scope=User.Read` is equivalent to `https://graph.microsoft.com/User.Read`. - ## Admin-restricted permissions Permissions in the Microsoft identity platform can be set to admin restricted. For example, many higher-privilege Microsoft Graph permissions require admin approval. If your app requires admin-restricted permissions, an organization's administrator must consent to those scopes on behalf of the organization's users. The following section gives examples of these kinds of permissions: