Tags: azure-active-directory, microsoft-graph-api, access-token

What is the .default scope for graph.microsoft.com


I can use a service principal to get an access-token from https://graph.microsoft.com but when I try to get a token for https://graph.microsoft.com/.default I get the following error.

What is possible impact if my token was issued without this scope?

Get Token request returned http error: 400 and server response:
{
"error": "invalid_resource",
"error_description": "AADSTS500011: The resource principal named https://graph.microsoft.com/.default was not found in the tenant named 4c000000-0000-0000-0000-0000000000. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: 00-00-00-00000
Correlation ID: 00-00-00-000
Timestamp: 2020-08-06 00:17:31Z

"error_codes": [ 500011 ],
"timestamp": "2020-08-06 00:17:31Z",
"trace_id": "d301a1cb-8feb-44e0-8b04-e463dd8d5b00",
"correlation_id": "92947479-d924-49fd-8e29-1d7cbe70d289",
"error_uri": "https://login.microsoftonline.com/error?code=500011"
}


Solution

  • I noticed that you use the v1.0 endpoint to get the access token. It generally uses Resource as the request parameter.

    For v1.0 endpoints, there is generally no need to use the /.default scope; you need to add the /.default scope only when you use the v2.0 endpoint to get the token.

    So you can use this token with confidence; this has no impact.

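The distinction the answer draws, shown as an added example that is not part of the original question or answer and not Microsoft's own code: the v1.0 token endpoint names the API with a `resource` parameter, the v2.0 endpoint names it with `scope=<resource>/.default`, and sending the v2.0-style value in the v1.0 `resource` parameter is exactly what produces AADSTS500011 (no resource principal has that identifier). The tenant, client id and secret are placeholders, the demo JWT is constructed locally with a placeholder signature, and the Microsoft Graph application id used for the audience check is the well-known value. The audience check is an inspection aid for the caller; signature validation is the job of the API that consumes the token and is not done here.

```python
import base64
import json

# Microsoft Graph is identified by this URI (v1.0 "resource" value) and, in
# some tokens, by its well-known application id in the "aud" claim.
GRAPH_RESOURCE = "https://graph.microsoft.com"
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
LOGIN_BASE = "https://login.microsoftonline.com"


def build_client_credentials_request(tenant_id, client_id, client_secret, endpoint_version="v1.0"):
    """Return (token_url, form_body) for a service-principal (client credentials) token request.

    v1.0 identifies the target API with `resource`; v2.0 identifies it with
    `scope` set to the API URI plus the literal "/.default" suffix.
    """
    common = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }
    if endpoint_version == "v1.0":
        url = f"{LOGIN_BASE}/{tenant_id}/oauth2/token"
        return url, {**common, "resource": GRAPH_RESOURCE}
    if endpoint_version == "v2.0":
        url = f"{LOGIN_BASE}/{tenant_id}/oauth2/v2.0/token"
        return url, {**common, "scope": f"{GRAPH_RESOURCE}/.default"}
    raise ValueError(f"unknown endpoint version: {endpoint_version}")


def check_resource_scope_mixup(endpoint_version, body):
    """Flag the mistake from the question: a v2.0-style "/.default" value in a v1.0 `resource`.

    Returns a human-readable problem description, or None when the body is consistent
    with the endpoint version it is sent to.
    """
    resource = body.get("resource", "")
    if endpoint_version == "v1.0" and resource.endswith("/.default"):
        bare = resource[: -len("/.default")]
        return (f"v1.0 'resource' must be the bare API URI ({bare}); "
                f"'{resource}' names no resource principal (AADSTS500011)")
    if endpoint_version == "v2.0" and "resource" in body:
        return "v2.0 endpoint expects 'scope', not 'resource'"
    return None


def decode_jwt_payload(token):
    """Decode the payload of a compact JWT WITHOUT verifying its signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_targets_graph(token):
    """True when the token's audience is Microsoft Graph, by URI or by well-known app id.

    A token minted for any other audience is useless against Graph regardless of
    which endpoint issued it; the audience, not the request syntax, is what matters.
    """
    aud = decode_jwt_payload(token).get("aud")
    return aud in (GRAPH_RESOURCE, GRAPH_APP_ID)


def make_demo_token(payload):
    """Construct an offline demo JWT with a placeholder (empty) signature.

    This is a test fixture only; it is not a token issued by Azure AD and would be
    rejected by any real resource server.
    """
    def b64url(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64url({'typ': 'JWT', 'alg': 'RS256'})}.{b64url(payload)}."


if __name__ == "__main__":
    # Placeholder credentials; nothing is sent over the network.
    for version in ("v1.0", "v2.0"):
        url, body = build_client_credentials_request("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER",
                                                     "SECRET-PLACEHOLDER", version)
        print(version, url, {k: v for k, v in body.items() if k != "client_secret"})
    print(check_resource_scope_mixup("v1.0", {"resource": f"{GRAPH_RESOURCE}/.default"}))
    print(token_targets_graph(make_demo_token({"aud": GRAPH_RESOURCE, "appid": "CLIENT-ID-PLACEHOLDER"})))
```

Running the script prints the two request shapes side by side, the AADSTS500011 explanation for the mixed-up v1.0 body, and `True` for a demo token whose `aud` is Graph; the functions are kept separate from the printing so they can be reused to sanity-check a token request before it is sent.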