Tags: azure, azure-active-directory, microsoft-graph-api

Why are my Graph API scopes not updating after changing them in the Azure Portal?


Initially I had about 3 permissions; but I removed the other two. Below is the current image of the permissions.

When I run my code, I've detected the following output in the logs:
Response [548647b9-15fd-4888-8a81-bb9f894c9a6b] content: {"token_type":"Bearer","scope":"profile openid email https://graph.microsoft.com/Sites.Read.All https://graph.microsoft.com/Sites.ReadWrite.All https://graph.microsoft.com/User.Read"

It's showing the other two permissions!!

I'm using the InteractiveBrowserCredential class and saving the returned token. Maybe I need to do something about the Browser cache, but maybe there was a step I missed after I cleared the cookies and other site data.

Solution

  • If you remove some permissions in the app registration, this has no effect on what the user has already consented to.

    The easiest way out: remove the "Enterprise Application" for your app (i.e. not the app registration but the "instance" of the app in your Azure tenant) and consent again.

    In fact, the connection between what's there in the list you show in the screenshot and what the user has actually consented to is pretty loose; the list above is just the default. You may have an empty list there and then request user consent explicitly with scopes when authenticating the user, and this way your app may have all the permissions it needs, although the section above will still be empty.

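As an added example (not part of the question or the answer), a small Python check that reports which Graph scopes a returned token still carries beyond the set the app is expected to need, so you can confirm whether re-consent actually took effect. It parses the scope field of a token response as logged in the question and, separately, the scp claim of an access token; the expected set (User.Read only), the constructed sample token and the client/tenant id placeholders are assumptions.

```python
"""Compare the scopes a token actually carries with the scopes the app should need."""
import base64
import json
from typing import Iterable

# Constructed sample: the token response fragment as it appeared in the question's log.
SAMPLE_TOKEN_RESPONSE = {
    "token_type": "Bearer",
    "scope": "profile openid email https://graph.microsoft.com/Sites.Read.All "
             "https://graph.microsoft.com/Sites.ReadWrite.All https://graph.microsoft.com/User.Read",
}
# Assumption: after the clean-up the app should only need User.Read.
EXPECTED_GRAPH_SCOPES = {"User.Read"}
# OpenID Connect scopes are not Graph permissions and are ignored in the comparison.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}
GRAPH_PREFIX = "https://graph.microsoft.com/"

def graph_scopes(scope_string: str) -> set[str]:
    """Normalise a space-separated scope string to bare Graph permission names."""
    out = set()
    for s in scope_string.split():
        if s in OIDC_SCOPES:
            continue
        out.add(s[len(GRAPH_PREFIX):] if s.startswith(GRAPH_PREFIX) else s)
    return out

def decode_jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature: inspection only, never authorization."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def excess_scopes(granted: Iterable[str], expected: set[str]) -> set[str]:
    """Scopes present in the token that the app should no longer be using (stale consent)."""
    return set(granted) - expected

def check_token_response(resp: dict, expected: set[str] = EXPECTED_GRAPH_SCOPES) -> set[str]:
    return excess_scopes(graph_scopes(resp["scope"]), expected)

def check_access_token(jwt: str, expected: set[str] = EXPECTED_GRAPH_SCOPES) -> set[str]:
    return excess_scopes(graph_scopes(decode_jwt_claims(jwt).get("scp", "")), expected)

def _unsigned_jwt(claims: dict) -> str:
    """Build a structurally valid, unsigned JWT for local testing (constructed, not a real token)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."

SAMPLE_JWT = _unsigned_jwt({"aud": GRAPH_PREFIX, "scp": "Sites.Read.All Sites.ReadWrite.All User.Read"})

if __name__ == "__main__":
    # Live use (assumption: azure-identity installed; replace the placeholder ids with your own).
    from azure.identity import InteractiveBrowserCredential
    cred = InteractiveBrowserCredential(client_id="<your-client-id>", tenant_id="<your-tenant-id>")
    token = cred.get_token(GRAPH_PREFIX + "User.Read")  # request only the scope you need
    print("stale scopes still in token:", check_access_token(token.token))
```

An empty set from check_access_token after deleting the enterprise application and consenting again confirms the stale consent is gone; the sample run reports Sites.Read.All and Sites.ReadWrite.All as excess.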