...
To have Azure AD issue tokens for the aforementioned apps, each app needs a custom scope. For example, custom_scope can be as the name of our the scope.
To create the custom scope, follow these steps for each app:
Open the app registration
Open “Expose an API” tab
Click “Add a scope”
Scope name:
custom_scopeWho can consent? Admins and users
Admin consent display name:
custom_scopeAdmin consent description: A custom ModelOp Center scope
User consent display name:
User consent description:
State: Enabled
Once the custom scope is created, it has to be added as a permission on each ModelOp Center app, except for internal-client, and admin consent must be granted for the app to be able to use it:
...
Open the app registration
Click “App roles”
Click “Create app role”
Display name:
modelop_clientAllowed member types: Applications
Value:
modelop_clientDescription:
This role is used to distinguish between OAuth2 clients and end users in ModelOp Center