AADSTS28004: The provided value for the input parameter 'scope' exceeded the number of scopes allowed
I'm using spring-cloud-azure-starter-active-directory to integrate my webapp with azure AAD.
Previously my web app only need 3 api services, but when I add 1 more (webApi-4) I get this issue. Is there any way to get out of this? I google for a while but can not find the solution.
This is my configuration yaml:
For sample, I used the below authorize endpoint to authorize the users:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=profile openid offline_access api://xxx/BEApp.access api://xxx/claim.read api://xxx/jango-test-api api://xxx/group.read
&state=12345
And got the same error as below:
The error "AADSTS28004: The provided value for the input parameter 'scope' exceeded the number of scopes allowed" usually occurs if you are scopes more than 3 resources in your login request. Refer this GitHub Blog by tnorling.
Note that: If the web APIs have different applications, then you need to generate the access token separately as one token can only be issued to one audience. You cannot acquire access token for multiple audience Refer this SO Thread by me.
You can make use of client credential flow and assign app role to the user like below:
Created a Microsoft Entra application and added an app role:
Exposed and API and added scope:
Granted API permissions:
Add the user to the role in the Enterprise application:
Generated auth-code:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=api://ID/.default
&state=12345
Generated tokens like below:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
scope:api://ID/.default openid offline_access
grant_type:authorization_code
code:code
redirect_uri:https://jwt.ms
client_secret:Secret
When I decoded the access token roles and scp is present:
Otherwise, you can also make use of client credential flow and assign app role to user.
- Keep numbers which appear in both columns, in J lang
- Differentiation in J
- How to reshape an array with an arbitrary size in one dimension?
- Why is Insert (fold) right associative
- Write 4 : 'x&{.&.;: y' tacitly
- Alignment issue when printing formatted prime numbers in J language
- How can I define a verb in J that applies a different verb alternately to each atom in a list?
- How to get user input in the J programming language
- How to unbox a list of boxed lists of differing lengths in J?
- How can I fix 'noun result was required' error in J?
- In j, how can I define a verb locally in one scope and pass it to a defined adverb?
- Convert boxed array to normal array?
- Read column of CSV file as array
- Replace atom in array of strings
- What does the dyad `=` do to boxed strings?
- Index of minimum element using J
- How can I take the outer product of string vectors in J?
- Building an array of verbs in J
- Reading in multidigit command line parameter
- Amend with bond to new data shows unexpected behaviour
- How to turn a table or matrix into a (flat) list in J
- How to run dissect in J?
- How to define selection using index function in J
- How to exit the J console?
- Find 4-neighbors using J
- Writing custom verbs in J
- How do I negate a selector in J lang?
- How to use arbitrary selector in interchange in J lang?
- different result once square root is added inside tacit
- Sum of arrays with repeated indices