We have a multi tenant registered application in Azure AD, lets call it Tenant A and we are trying to get access to the resources without the user by graph API. Using following details, We successfully get the Token, if we try to work with resources for example create files or folder on a main tenant (tenant A). But if we run the same code for another tenant for example tenant B (which is one of the tenantA 's tenant), we are getting error: "AccessDenied: Either scp or roles claim need to be present in the token." And indeed there is no roles defined in the token.
I am wondering what I am doing wrong here? Do I need to set permissions/roles for tenantB as well?
url: https://login.microsoftonline.com//oauth2/v2.0/token scope: https://graph.microsoft.com/.default grant_type: client_credentials client_id: client_secret: <tenantA-client_secret>
"{
"error": {
"code": "AccessDenied",
"message": "Either scp or roles claim need to be present in the token.",
"innerError": {
"date": "2021-02-04T14:28:13",
"request-id": "ca4565f7-aa56-4b00-9f46-09884ad39ff6",
"client-request-id": "ca456ufo-ab5m-4b99-9f46-09pp4ad39ff6"
}
}
}"
scopes for tennat A:
