Azure-docs: I don't understand how the 'Scopes' in Azure B2C are supposed to be used

Created on 16 Apr 2018 · 8Comments · Source: MicrosoftDocs/azure-docs

I don't understand how the 'Scopes' in Azure B2C are supposed to be used. They are associated with an API, but not a user. I'm sure I'm missing something, but I see no practical use for something associated with an API. I've used and implemented Claims-based authentication based on a user's role in the database.

It took me a while to wrap my head around this too. I don't think this concept is well documented. Maybe it is and missed it so please correct me if I'm wrong 😁

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 245ef8a4-a811-19b7-676c-aa9b82e2126f
Version Independent ID: ad2ec743-2aa7-b3c7-3350-2986a78d7c90
Content: Cloud identity management web and mobile apps Azure AD B2C
Content Source: articles/active-directory-b2c/active-directory-b2c-overview.md
Service: active-directory-b2c
GitHub Login: @davidmu1
Microsoft Alias: davidmu

active-directory-b2svc assigned-to-author doc-enhancement triaged

Source

spottedmahn

👍1

All 8 comments

@spottedmahn Thanks for the feedback! We are currently investigating and will update you shortly.

mimckitt on 16 Apr 2018

@spottedmahn Request you help me with which section of the document seems confusing. I saw SO post and the concept is well explained. Please refer to this document which also helps explain it - Permission scopes | Graph API concepts

MohitGargMSFT on 17 Apr 2018

👍1

Hi @MohitGargMSFT 😊

I saw SO post and the concept is well explained

Thanks!

Request you help me with which section of the document seems confusing

For starters, where is the documentation page that discusses scopes? I see pages have talk about how to configure them but not the concept/idea behind them.

IMO, there should be a page under "Concepts" that describes this:

spottedmahn on 17 Apr 2018

@spottedmahn Thanks! I am assigning this issue to document author to check on your feedback and update as appropriate.

MohitGargMSFT on 17 Apr 2018

See's @chrispadgettlivecom's answer

Roles and scopes provide the two halves for this user access control.

Roles -- such as Administrator, Member, and Guest -- determine whether an authenticated user is permitted to delete objects.

Scopes -- such as read, write, and delete -- determine whether an authorized application can delete objects on behalf of an authorizing/consenting user if this user, through their role assignment/s, is permitted to do so.

spottedmahn on 18 Apr 2018

I agree that more conceptual information is needed about scopes.

We have opened an item in our documentation backlog to have this investigated and updated. We'll respond back to you on this issue when we've done the work. For now, we'll close this GitHub issue.

please-close

davidmu1 on 19 Apr 2018

👍1

@spottedmahn We will now proceed to close this thread. If there are further questions regarding this matter, please reopen it and we will gladly continue the discussion.

BryanTrach-MSFT on 19 Apr 2018

Hi @BryanTrach-MSFT - FYI, I don't have the power to re-open 😪

I'm good though 😊

spottedmahn on 19 Apr 2018

👍1

Was this page helpful?

0 / 5 - 0 ratings

Related issues

Managed Service Identity

tvperez76 · 55Comments

AzureDevops don't considerate as 'Microsoft Services'

renattomachado · 42Comments

Query exceeded the maximum allowed memory usage of 40 MB. Please consider adding more filters to reduce the query response size

kamaljoshi911 · 47Comments

WEBSITE_CONTENTSHARE should not be used accroding to support

danielstocker · 70Comments

The code appears to build fine. The certificates are all loaded. But I cannot connect. There has to be a step missing. Do we need to create client certificate on the cluster? When I try to open the service fabric explorer I get a not authorized message. Not sure why?

tshinkle · 40Comments