I am trying to setup an API to be protected using Oauth 2.0 in Azure AD. I follow the steps in here: https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow.
The API has one scope - one application permission defined. I am able to add the API permission successfully to the client app, and have selected the right scope, as shown in the screenshot.
However, when I test the web app, after authentication the below error is thrown:
The application OAuthClientApp asked for scope approle that doesn t exist on the resource 2700000003-0000-0000-c000-000000000000. Contact the app vendor.