Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
7,114 questions
401 , while calling /Me endpoint in Micrsoft graph API while having msads.manage scope
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(156.8, 43%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDB%3C/text%3E%3C/svg%3E)
Dev Blendr
1
Reputation point
Reproducible steps:
- Getting Authorization code using below GET endpoint
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=X&response_type=code&redirect_uri=X&scope=https://ads.microsoft.com/msads.manage offline_access openid profile
2) Access token generated using below POST request
curl --location --request POST 'https://login.microsoftonline.com/common/oauth2/v2.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: fpc=ASA; stsservicecookie=aas; x-ms-gateway-slice=as' \
--data-urlencode 'client_id=X' \
--data-urlencode 'client_secret=X' \
--data-urlencode 'redirect_uri=https://X/callback' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'scope=https://ads.microsoft.com/msads.manage offline_access openid profile' \
--data-urlencode 'code=X'
3) Get campaign(Bing ads) API works fine but Microsoft Graph API doesn't work.
Getting 401 with above access token in Microsoft Graph API
curl --location --request GET 'https://graph.microsoft.com/v1.0/me' \
--header 'Authorization: Bearer X'
Response:
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 80049217",
"innerError": {
"date": "2021-07-27T12:41:46",
"request-id": "0f4981a9-c6df-4ba5-9feb-1b28933fac3e",
"client-request-id": "0f4981a9-c6df-4ba5-9feb-1b28933fac3e"
}
}
}
FYI: If we add user.read mail.read scope in POST endpoint(To get access token), we get below error
{
"error": "invalid_scope",
"error_description": "AADSTS70011: The provided value for the input parameter 'scope' is not valid. One or more scopes in 'https://ads.microsoft.com/msads.manage offline_access openid profile user.read' are not compatible with each other.\r\nTrace ID: de3f2a55-9cad-4ce1-9be4-817bcc56a400\r\nCorrelation ID: a91ce067-a6eb-40a9-b70e-2585f952f334\r\nTimestamp: 2021-07-27 12:36:04Z",
"error_codes": [
70011
],
"timestamp": "2021-07-27 12:36:04Z",
"trace_id": "de3f2a55-9cad-4ce1-9be4-817bcc56a400",
"correlation_id": "a91ce067-a6eb-40a9-b70e-2585f952f334"
}
Please let us know which scope is compatible with msads.manage in order to successfully run GRAPH API
Sign in to answer