Why offline scope is added automatically in Microsoft Identity Platform

I am trying to use Microsoft Graph APIs using OAuth 2.0

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<client_id>&redirect_uri=https://mytestenv&response_type=code&prompt=select_account&scope=User.Read

Even though I provided the User.Read scope, the OAuth consent screen also lists the offline permission.

How do I remove it?

Try reading this document: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#offline_access

This permission currently appears on all consent pages, even for flows that don't provide a refresh token (such as the implicit flow). This setup addresses scenarios where a client can begin within the implicit flow and then move to the code flow where a refresh token is expected.

On the Microsoft identity platform (requests made to the v2.0 endpoint), your app must explicitly request the offline_access scope, to receive refresh tokens.

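When using the v2 endpoint with AAD accounts, there is currently no way to remove the offline_access scope from the initial consent screen. There is feedback on this issue here.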
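
Since the consent screen cannot be changed, the practical check is on the token response. The following is an added example, not part of the original question or answer: it compares the scopes in an authorize URL with a token response and reports a refresh token that arrives without offline_access having been requested. The function names, the sample token responses and the Graph resource prefix handling are assumptions made for this sketch.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: token responses may list Graph scopes with this resource prefix.
GRAPH_PREFIX = "https://graph.microsoft.com/"

def requested_scopes(authorize_url):
    """Scopes named in the authorize request's scope parameter, lowercased."""
    query = parse_qs(urlsplit(authorize_url).query)
    return {s.lower() for s in " ".join(query.get("scope", [])).split()}

def granted_scopes(token_response):
    """Scopes listed in the token response, prefix stripped and lowercased."""
    scopes = set()
    for s in token_response.get("scope", "").split():
        if s.startswith(GRAPH_PREFIX):
            s = s[len(GRAPH_PREFIX):]
        scopes.add(s.lower())
    return scopes

def audit(authorize_url, token_response):
    """Return a list of findings; an empty list means request and response agree."""
    asked = requested_scopes(authorize_url)
    has_refresh = bool(token_response.get("refresh_token"))
    findings = []
    if has_refresh and "offline_access" not in asked:
        findings.append("refresh_token issued although offline_access was not requested")
    if "offline_access" in asked and not has_refresh:
        findings.append("offline_access requested but no refresh_token returned")
    extra = granted_scopes(token_response) - asked
    if extra:
        findings.append("scopes granted beyond request: " + ", ".join(sorted(extra)))
    return findings

# The authorize URL from the question (client_id left as its placeholder).
QUESTION_URL = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
                "?client_id=<client_id>&redirect_uri=https://mytestenv"
                "&response_type=code&prompt=select_account&scope=User.Read")

# Constructed token responses for illustration, not captured from a real tenant.
WITHOUT_REFRESH = {"token_type": "Bearer", "access_token": "constructed",
                   "scope": "https://graph.microsoft.com/User.Read"}
WITH_REFRESH = dict(WITHOUT_REFRESH, refresh_token="constructed")

if __name__ == "__main__":
    for name, resp in (("without refresh", WITHOUT_REFRESH), ("with refresh", WITH_REFRESH)):
        print(name, "->", audit(QUESTION_URL, resp) or "no findings")
```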