MSAL : AADB2C90146 : 'Openid profile' provided in request specifies more than one resource for an access token, which is not supported'

Question

When trying to use

this.clientApplication.acquireTokenSilent(scopes)...

I have multiple scopes I am passing in although I receive the error :

AADB2C90146 : The scope 'https://xxx.onmicrosoft.com/xxx/user_impersonation https://xxx.onmicrosoft.com/xxx/user_impersonation openid profile' provided in request specifies more than one resource for an access token, which is not supported.

How am I able to silently get a new token using the MSAL.js library for multiple scopes? I was able to do so initially with the

 this.clientApplication.loginRedirect(this.tenantConfig.b2cScopes);

Is this possible at this time?

Thanks,

Daniel Dobalian Daniel Dobalian · Accepted Answer · 2018-03-19T14:54:30

Access tokens are tied to a resource. If you specify multiple scopes that map to multiple resources, MSAL doesn't know which one to get an access token for since there's some ambiguity.

For example,

Scope A.0, Scope A.1 belong to Resource A

Scope B.0 belong to Resource B

Requests would need to be:

// Access tokens for Resource A acquireTokenSilent([Scope A.0, Scope A.1])

// Access tokens for Resource B acquireTokenSilent([Scope B.0])

MSAL : AADB2C90146 : 'Openid profile' provided in request specifies more than one resource for an access token, which is not supported'

1 Answers