If your scopes laid out in this request span various source server, then the Microsoft id System returns a token with the resource specified in the first scope. For more information, see Permissions and consent during the Microsoft id System.The consumer really should send out the consumer back again for the /authorize endpoint with the proper scop