API Permissions not updated when using Microsoft Graph

Al Ghiffari 0 Reputation points
2024-07-19T04:13:16.27+00:00

I have an App Registration that has two API permissions. I want to use these permissions to access some information about the user in my apps.

I have already integrated this app registration into my web apps in Azure Portal. I am adding this in the Authentication section on the Web Apps page.

But the problem is I still can't use the access token from the Authentication to get the information based on the permission that I already created before. I have checked the access token in https://jwt.ms/, but the scope is still not updated.

I already restarted the Web Apps and tried to recreate the App Registration several times. Someone said that it may be because of the delay but it still has not changed. How can I update the permission so I can get the access token with the correct permission?

Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

1 answer

  1. Navya 12,250 Reputation points Microsoft Vendor
    2024-07-24T07:09:32.75+00:00

    Hi @Al Ghiffari

    Thank you for posting this in Microsoft Q&A.

    I understand you're attempting to obtain API permissions with Microsoft Graph, but the scope value is not being updated in the access token.

    From your screenshot, "Calendars.Read" and "User.Read" are delegated permissions. These are user permissions that require a logged-in user to receive delegated permissions in the OAuth 2.0 authorization code flow.

    Ensure you have included the scope 'Calendars.Read' when requesting the authorization code and access token.

    Request an authorization code

    https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
    client_id={client_id}
    &response_type=code
    &redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
    &response_mode=query
    &scope=Calendars.Read

    You will receive a code as shown below; use the code to obtain an access token.

    https://login.microsoftonline.com/common/oauth2/nativeclient?code=0.AQEAY-2yG4SC3Uiprd4Riu4ytk6lC7hx6fVLiChkvaSGqSu8AOA.AgABBAIAAAApTwJmzXqdR4BN2miheQMYAgDs_wUA9P_Lx-5u-a-Zc2z8I3IQhoLRnIZesltlH4-VnhM3qEc6_7XhhdTEvh1Mc_Tm6PtfTU31__vIkrErJiU9Mm53euvgT2jOIBHnercNxU9vZwza9DrFN5kV2IY0bgwTj3Qf4k-wrMesFqN2UAIHaRnnGmwYbkxEhP74unprEb2MUL46p2jpg1N98lZnLjsZeuFdLlaaRfAuyUCenIp

    Request an access token.

    Checked in jwt.ms: successfully obtained the Calendars.Read scope in the access token.

    Hope this helps. Do let us know if you have any further queries.

    Thanks,

    Navya.

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further query do let us know.
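
The flow in the answer above, as an added Python example that is not part of the original thread: it builds the authorization request with every delegated scope listed and then checks a token's `scp` claim the way jwt.ms displays it. The `state` parameter, the helper names and the sample token are assumptions made for illustration; the token is constructed and unsigned, and the decode is diagnostic only, with no signature verification.

```python
import base64
import json
from urllib.parse import urlencode

AUTHORITY = "https://login.microsoftonline.com"


def build_authorize_url(tenant_id, client_id, redirect_uri, scopes, state):
    """Authorization-code request; every needed delegated scope goes in `scope`."""
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "scope": " ".join(scopes),  # space-separated list
        "state": state,             # caller-supplied anti-CSRF value (not in the thread)
    })
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{query}"


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Constructed, unsigned stand-in for an access token (sample data only)."""
    return f"{_b64url({'alg': 'none', 'typ': 'JWT'})}.{_b64url(claims)}.sample"


def token_scopes(access_token):
    """Decode the payload without verifying the signature (diagnostic only)
    and return the delegated scopes carried in the `scp` claim."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    return set(claims.get("scp", "").split())


def missing_scopes(access_token, required):
    """Scopes the app needs that the token does not carry."""
    return sorted(set(required) - token_scopes(access_token))


if __name__ == "__main__":
    needed = ["Calendars.Read", "User.Read"]
    print(build_authorize_url("{tenant_id}", "{client_id}",
          "https://login.microsoftonline.com/common/oauth2/nativeclient", needed, "constructed-state"))
    print(missing_scopes(make_sample_token({"scp": "User.Read"}), needed))
```

A non-empty result from `missing_scopes` means the token was issued for a request that did not include those scopes, which is the symptom described in the question.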
