V2.0 Client Credentials Implement Scopes
The current Azure AD v2.0 Client Credentials Grant doesn't formally support scopes.
You have to pass in your application ID appended with .default (not a scope), which then forces you down the permissions route. You also end up with roles in your token instead of scopes.
In order to conform to the OAuth standard, scopes should be supported like they are in other grants/flows.
It also makes it difficult to implement in our services as we have to support two completely different models.
We can do this in Okta 😉
Related issue: Scopes Not Returned w/ Client Credential Flow
Related GitHub Issue: https://github.com/MicrosoftDocs/azure-docs/issues/10016
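The two models the post describes, seen from the resource API's side, as an added example that is not part of the original post: an app-only token from the client credentials grant carries its permissions in `roles`, while a delegated token carries them in `scp`. The permission names and the `authorize` helper are hypothetical, and the claims are assumed to come from a token whose signature, issuer and audience have already been validated.

```python
from __future__ import annotations
from typing import Any, Mapping


class Forbidden(Exception):
    """The token does not carry the required permission."""


def granted_permissions(claims: Mapping[str, Any]) -> tuple[str, frozenset[str]]:
    """Return (model, permissions) for an already validated access token."""
    scp, roles = claims.get("scp"), claims.get("roles")
    if isinstance(scp, str) and scp.strip():
        # Delegated token: `scp` is a single space-separated string. Any
        # `roles` here are the signed-in user's app roles, so ignore them.
        return "delegated", frozenset(scp.split())
    if isinstance(roles, list) and all(isinstance(r, str) for r in roles):
        # App-only token (client credentials): permissions arrive in `roles`.
        return "application", frozenset(roles)
    return "none", frozenset()


def authorize(claims: Mapping[str, Any], *, scope: str, app_role: str) -> str:
    """Allow the call if the token holds `scope` (delegated) or `app_role`
    (app-only); return which model granted access, else raise Forbidden."""
    model, perms = granted_permissions(claims)
    needed = scope if model == "delegated" else app_role
    if model == "none" or needed not in perms:
        raise Forbidden(f"{model} token lacks {needed!r}")
    return model


# Constructed sample claims (hypothetical permission names).
APP_TOKEN = {"roles": ["Orders.Read.All"]}
USER_TOKEN = {"scp": "Orders.Read profile"}
# A user who holds an app role with the same name as the app permission.
USER_WITH_ROLE = {"scp": "profile", "roles": ["Orders.Read.All"]}

if __name__ == "__main__":
    for name, tok in [("app", APP_TOKEN), ("user", USER_TOKEN),
                      ("user+role", USER_WITH_ROLE)]:
        try:
            print(name, "->", authorize(tok, scope="Orders.Read",
                                        app_role="Orders.Read.All"))
        except Forbidden as exc:
            print(name, "-> denied:", exc)
```

The third sample is the case that is easy to get wrong when supporting both models: a `roles` value in a delegated token describes the user, so it must not satisfy an application permission check.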