Why can I use the short name with some permissions/scopes on the Microsoft identity platform (AAD v2)?

When setting up my OAuth client application, I need to define scopes. I know about the built-in OpenID Connect scopes such as openid profile email, and according to the documentation at https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#scopes-and-permissions:

Identity platform supports several well-defined OpenID Connect scopes as well as resource-based permissions (each permission is indicated by appending the permission value to the resource's identifier or application ID URI). For example, the permission string https://graph.microsoft.com/Calendars.Read is used to request permission to read users calendars in Microsoft Graph.

But in practice I find that most documentation (even later in the same document) often uses a "short name" for Graph scopes, for example User.Read.All, cf. https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#admin-restricted-permissions:

Read all user's full profiles by using User.Read.All

What is going on here? Are the MS APIs special? Do their permissions/scopes have special short-name aliases? Does anyone know where this is documented?

If you omit the resource in the scope value, the Microsoft identity platform assumes you mean Microsoft Graph. Therefore, User.Read is treated as https://graph.microsoft.com/User.Read
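
The resolution rule from the answer above, as an added example (not part of the original post and not Microsoft's code): it expands short scope names to their Microsoft Graph form and groups the scopes of an authorize request by resource, which helps when reviewing what an application actually asks for. The `offline_access` entry, the rule that any value containing `/` already names a resource, and the sample URL with its placeholder client ID and `api://example-app` resource are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

GRAPH = "https://graph.microsoft.com"  # default resource, per the answer above
# OpenID Connect scopes carry no resource; offline_access is added here
# in addition to the three named in the question.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def expand_scope(scope):
    """Return (resource, permission, fully_qualified_scope) for one scope value."""
    if scope in OIDC_SCOPES:
        return (None, scope, scope)
    if "/" in scope:
        # Assumption: a '/' means the value already carries a resource
        # identifier or application ID URI; the permission is the last segment.
        resource, permission = scope.rsplit("/", 1)
        return (resource, permission, scope)
    # Short name: no resource given, so it resolves to Microsoft Graph.
    return (GRAPH, scope, f"{GRAPH}/{scope}")


def scopes_by_resource(authorize_url):
    """Group the permissions requested in an authorize URL by resource."""
    query = parse_qs(urlsplit(authorize_url).query)
    grouped = {}
    for scope in query.get("scope", [""])[0].split():
        resource, permission, _ = expand_scope(scope)
        grouped.setdefault(resource or "oidc", []).append(permission)
    return grouped


# Constructed sample request; client_id and the api:// resource are placeholders.
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&response_type=code"
    "&scope=openid%20profile%20User.Read.All"
    "%20https%3A%2F%2Fgraph.microsoft.com%2FCalendars.Read"
    "%20api%3A%2F%2Fexample-app%2Faccess_as_user"
)

if __name__ == "__main__":
    for resource, permissions in scopes_by_resource(SAMPLE_URL).items():
        print(resource, permissions)
```

In the sample, User.Read.All and https://graph.microsoft.com/Calendars.Read end up in the same Microsoft Graph group, which is the equivalence the answer describes.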