how to pass scope in api while generating token for azure AD
I'm able to generate access token using postman. But, I need to generate the token from API. I tried to get the token using api referring microsoft document on how to generate access token. But getting the below error while running the post request for oauth2.0
Error --
{
"error": "invalid_scope",
"error_description": "AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope api://f653b343-fe0a-422d-b4a8-f36346a3156b/Access.As.User is not valid.\r\nTrace ID: ce5c37f6-57c0-44f6-b265-ccc68602ba00\r\nCorrelation ID: a44a64c1-9277-40e3-b855-ee0abbe44ab6\r\nTimestamp: 2020-11-11 11:54:49Z",
"error_codes": [
70011
],
"timestamp": "2020-11-11 11:54:49Z",
"trace_id": "ce5c37f6-57c0-44f6-b265-ccc68602ba00",
"correlation_id": "a44a64c1-9277-40e3-b855-ee0abbe44ab6"
}
Scopes --
But the same thing works in postman when with authorization using oauth2.0, I'm able to generate the token. Please help with the post request which fetches the bearer token from azure AD.
In Client credential flow the scope parameter in the request should be, Scope =api://{your-appid}/ .default (Suffix) . Please refer Ms Document that also mentions the same.
According to the screenshot you have shared all permissions assigned are delegated permissions.Since, Client credential flow only supports application permissions and this is the reason you are facing 401, unauthorized issue.Please Add the application permissions to fix this issue.
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- Can the Azure Service Bus be delayed before retrying a message?
- azure documentdb create document duplicates Id property
- JWT validation failure error in azure apim
- Azure App Service and Application Insights where is performance test?
- Is it possible to have a non-interactive code that logs in to Azure and creates users in Microsoft Entra ID?
- Change Default Service Version of Microsoft Azure Blob - PHP
- Microsoft Graph: How to filter users by domain name
- Azure App Service Plan CPU Spikes to 100%
- Unable to Authenticate to DevOps API with Angual MSAL
- Azure Databricks: Not able to parameterize keys option of dlt.apply_changes
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Attaching a private static ip address to Azure Container Instance
- Azure Synapse severless SQL pool - query execution fails
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- Where can I find the resource id of an Azure function app in the Azure portal?
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Basic SQL commands in Terraform
- Linux Azure Webjob in nodejs referring to node.exe
- Running Azure functions locally gives "No runtime" error after .NET7 upgrade
- Azure DataSync tables not showing up
- Azure ML: Unable to find workspace
- unable to start 'Docker for windows' on Azure Win 10 VM
- How to enable virtualization in Azure VM
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- how to get v2 type token using msal python
- The mock in my pester test keeps calling Connect-AzAccount
- HttpResponseError in Azure Ai search