ASP.NET Identity / OAuth: How can I restrict the granted privileges to allow nothing but just to authenticate?

Question

When I see OAuth samples for ASP.NET Identity it looks like they always grant some kind of privileges to the client application:

I don't want any privileges to be granted. I just want a user to be authenticated.

How can I set this to happen?

Answer 1

Using OAuth 2.0 without any privileges (or: scopes) does not make sense (unless a default scope is always assumed by the Authorization Server). It seems that you're looking for user authentication, which is not a function of OAuth 2.0 per se. You need an extension such as OpenID Connect, in which case you would provide only the "openid" scope in the authentication request.