Matthew Van Auwelaer on 10 Feb 2025 17:23:44
RFC 6750 (OAuth 2.0 Bearer Token Usage) section 3 allows a scope attribute in the WWW-Authenticate response header field. Power Query should honor this scope, if present, when obtaining access tokens from Entra. This would support "Scenario 1 - Client app authorizes directly to backend" for Azure API Management, as described here: https://learn.microsoft.com/en-us/azure/api-management/authentication-authorization-overview#scenario-1---client-app-authorizes-directly-to-backend
- Comments (1)
RE: Power Query honor OAuth 2 scope attribute
For example, if the Web data source returns this in the 401 response:

WWW-Authenticate: Bearer authorization_uri=entra_authorization_endpoint, scope=some_scope

Power Query would use scope=some_scope in the OIDC redirect to authorization_uri.
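
The behaviour requested above, sketched as an added example (not code from the post or from Power Query): a client parses the Bearer challenge, validates the scope against the RFC 6749 scope-token grammar, and follows authorization_uri only when it points at a pinned identity provider, since the challenge is supplied by the resource server. The host names, client ID, function names and sample header are constructed assumptions, and the parser handles a single challenge per header.

```python
import re
from urllib.parse import urlencode, urlsplit

# auth-param (RFC 7235): name "=" ( quoted-string / bare token-like value )
_PARAM = re.compile(r'([A-Za-z0-9_.-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')
# scope-token (RFC 6749 section 3.3): %x21 / %x23-5B / %x5D-7E
_SCOPE_TOKEN = re.compile(r'[\x21\x23-\x5B\x5D-\x7E]+')

# Constructed sample challenge; the page's own example uses unquoted values.
SAMPLE_CHALLENGE = ('Bearer authorization_uri="https://login.example.test/authorize", '
                    'scope="some_scope other_scope"')

def parse_bearer_challenge(header):
    """Return the auth-params of one Bearer challenge as a dict, or None."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    params = {}
    for name, quoted, bare in _PARAM.findall(rest):
        # Undo backslash escapes inside a quoted-string value.
        params[name.lower()] = re.sub(r'\\(.)', r'\1', quoted) if quoted else bare
    return params

def build_authorization_url(header, client_id, redirect_uri, trusted_hosts,
                            default_scope):
    """Build the authorization redirect, honoring the challenge's scope."""
    params = parse_bearer_challenge(header)
    if not params or "authorization_uri" not in params:
        raise ValueError("no usable Bearer challenge")
    auth = urlsplit(params["authorization_uri"])
    # The resource server chose this URI; only follow it to a pinned issuer.
    if auth.scheme != "https" or auth.hostname not in trusted_hosts:
        raise ValueError("authorization_uri is not a trusted HTTPS endpoint")
    scopes = [s for s in params.get("scope", "").split(" ") if s]
    if not all(_SCOPE_TOKEN.fullmatch(s) for s in scopes):
        raise ValueError("malformed scope in challenge")
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        # Fall back to the client's configured scope when none is advertised.
        "scope": " ".join(scopes) if scopes else default_scope,
    })
    separator = "&" if auth.query else "?"
    return params["authorization_uri"] + separator + query
```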