scopes in azure AD different from scopes in application (Microsoft Graph Api)

0
votes

I'm trying to access files in OneDrive using Microsoft Graph api,

In my Azure AD I gave the following permissions:enter image description here

And in my application I have the following code: enter image description here

However when I run the application it's giving me the following error:

Error getting access token: AADSTS70011: The provided value for the input parameter 'scope' is not valid. One or more scopes in 'https://graph.microsoft.com/.default offline_access profile openid' are not compatible with each other. Even tho I didn't give offline_access profile openid permissions anywhere else.

Even if I change _scopes to private string[] _scopes = new string[4]{"User.Read","Files.ReadWriteAll.All","Files.Read","Files.ReadWrite.AppFolder"} I would still get the same error but "https://graph.microsoft.com/.default" would be replaced with the above values.

1
c#azure-active-directorymicrosoft-graph-apiazure-ad-graph-api

1 Answers

1
votes

According to the information you provide, the scope you use is not right. It should be private string[] _scopes = new string[4]{"User.Read","Files.ReadWrite.All","Files.Read","Files.ReadWrite.AppFolder"}.

For example

  1. Regaister Azure AD application

  2. Enable device code flow enter image description here

  3. Code


            var client = PublicClientApplicationBuilder
                .Create("")
                .WithAuthority( AadAuthorityAudience.AzureAdMyOrg)
                .WithTenantId("consumers")
                .Build();

            var scopes = new string[] { "User.Read", "Files.ReadWrite.All" , "Files.ReadWrite.AppFolder", "Files.Read" };
           await  client.AcquireTokenWithDeviceCode(scopes, deviceCodeResult =>
            {
                Console.WriteLine(deviceCodeResult.Message);
                return Task.FromResult(0);

            }).ExecuteAsync();

enter image description here