
I am trying to understand whether there is a way to ask for all 'Scopes' of the user in Azure B2C, and not specific ones?

Another question: what happens if we request scope = x y z but the user has only x? Does it return only x?

For example, if an app does not recognize all the user scopes and wants to use the user token to access another resource protected with scope x.

S_Y

2 Answers

Short answer - no. This would be in conflict with the OpenID Connect specification. As described in the Authorization request, scope is a required parameter, with some additional explicitly listed values. The OAuth RFC is even more vague when it comes to defining the scope in the authorization request.

One thing worth noting is that you can, anyway, only request scopes belonging to a single resource in one request. That is in addition to the OIDC standard scopes. So you can only request scopes for one API (i.e. "https://my.api/api/read") but not for more than one ("https://my.api/api/read https://my.other.api2/api/read").

Bottom line - no, you have to explicitly call out all the scopes that you require, and there is no way to ask the end-user "give me access to everything you have access to".

Oh, and something more, when you configure your applications in a B2C tenant, you define the required scopes at the application level. For example:

Now all the users who sign in to the SmartCollabClients application will be granted access to the 3 scopes defined and published by the SmartCollabApi application.

astaykov

I am trying to understand whether there is a way to ask for all 'Scopes' of the user in Azure B2C, and not specific ones?

No, currently it is not possible. You should explicitly request all the scopes.

Another question: what happens if we request scope = x y z but the user has only x? Does it return only x?

No, if you request scopes x, y, z (which are already associated with the requested clientid), B2C will return the same scopes irrespective of user privileges.

The following SO post gives you a few more details: What use are 'Scopes' in Azure B2C Authentication?

Ramakrishna
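Two checks that follow from the answers above, as an added example that is not code from either answer or from Azure B2C: the client lists every scope explicitly and keeps API scopes to one resource per request, and the protected API checks the user's own privilege separately because the scopes in the token reflect the application, not the user. The function names, the sample claims and the per-user permission table are assumptions made for illustration; the `scp` claim is taken to hold the granted scope names separated by spaces.

```python
# Added illustration; names and sample values are constructed, not from the page.
OIDC_SCOPES = {"openid", "profile", "email", "address", "phone", "offline_access"}


def build_scope_param(scopes):
    """Client side: join explicitly listed scopes, refusing API scopes
    that belong to more than one resource in a single request."""
    resources = set()
    for scope in scopes:
        if scope in OIDC_SCOPES:
            continue  # standard OIDC scopes may accompany any resource
        # Resource = everything before the final "/<scope name>" segment.
        resource, sep, name = scope.rpartition("/")
        if not sep or not resource or not name:
            raise ValueError(f"not a resource-qualified scope: {scope!r}")
        resources.add(resource)
    if len(resources) > 1:
        raise ValueError(f"scopes span several resources: {sorted(resources)}")
    return " ".join(scopes)


def is_allowed(claims, required_scope, user_permissions):
    """API side: `claims` come from an access token whose signature, issuer,
    audience and expiry were already validated (assumed, not shown here)."""
    granted = set(claims.get("scp", "").split())
    if required_scope not in granted:
        return False  # the application was never granted this scope
    # The scope is a property of the app registration, not of the user,
    # so the user's own privilege is checked separately.
    return required_scope in user_permissions.get(claims.get("sub"), set())


# Constructed sample data.
SAMPLE_CLAIMS = {"sub": "user-1", "scp": "read write"}
SAMPLE_PERMISSIONS = {"user-1": {"read"}}  # hypothetical per-user table

if __name__ == "__main__":
    print(build_scope_param(["openid", "https://my.api/api/read"]))
    print(is_allowed(SAMPLE_CLAIMS, "read", SAMPLE_PERMISSIONS))
    print(is_allowed(SAMPLE_CLAIMS, "write", SAMPLE_PERMISSIONS))
```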