I've registered a web application in Azure Portal, granted it a Contacts.Read permission, gave it an administrator consent and now trying to list personal contacts of a particular user with Microsoft Graph REST API v1.0 using this application.
At first i'm trying to get an access token by sending POST request to
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token with following body parameters: scope=https://graph.microsoft.com/contacts.read, grant_type=client_credentials, my client_id and my client_secret.
In response i'm getting an error 400 Bad Request. Body:
{"error":"invalid_scope","error_description":"AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/contacts.read is not valid."}
When i'm replacing scope parameter in token request like this: scope=https://graph.microsoft.com/.default, i'm actually receiving 200 OK and my Bearer token in response.
But when i'm requesting user personal contacts by sending GET request to https://graph.microsoft.com/v1.0/users/{user_id}/contacts with this token, i'm getting 401 Unauthorized in response with following error:
"code": "NoPermissionsInAccessToken",
"message": "The token contains no permissions, or permissions can not be understood.",
I've also tried to replace the scope value in my token request with {app_id_uri}/.default and {app_id_uri}/contacts.read with no luck.
So how do i list user personal contacts using Microsoft Graph REST API v1.0? What am i doing wrong?
EDIT: Permissions screenshot:
contacts.readpermission? – Joy Wang-MSFT