I added api permerssions in Azure AD, but when I get the token,and showed it in jwt.ms, the scopes field doesn't change

Question

No matter how many api permissions I added in the Azure Active directory for my application, There are only the default four scopes : "offline_access openid profile User.Read".

I added some api permissions such as "Calendars.Read"，but the token always shown in jwt.ms as follows.

    "scp": "offline_access openid profile User.Read",

But after I added api permissions, I think it should be:

  "scp": "offline_access openid profile User.Read Calendars.Read Calendars.ReadWrite"

Tony Ju Tony Ju · Accepted Answer · 2019-07-18T10:02:18

You need to grant consent again. You can force user consent through a url request or just click 'grant admin consent button' in azure portal. See my answer here.

https://login.microsoftonline.com/{tenant}/oauth2/authorize? client_id={your_client_id} &response_type=code &response_mode=query &resource=https://graph.microsoft.com &state=12345 &prompt=consent

I added api permerssions in Azure AD, but when I get the token,and showed it in jwt.ms, the scopes field doesn't change

1 Answers