Share via

The application asked for scope 'wl.basic,wl.emails' that doesn't exist on the resource

Selim Irez 21 Reputation points
2020-09-18T12:22:10.177+00:00

Hi, I'm using the AAD to integrate SSO in to a PHP application;

For integration I'm using oauth2-microsoft

When I hit the designated endpoint, I get the Microsoft login screen but when the password is entered I get the error message;

AADSTS650053: The application 'XXXXXX' asked for scope 'wl.basic,wl.emails' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

This error makes me think the issue is caused by the Application API Permissions as my app is requesting the mentioned info, but such permissions dont exist on the resource on the AAD end. From what I can see they should be included in Microsoft Graph > User.Read , which is enabled as a permission already.

I will really appreciate any help!

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Accepted answer
  1. soumi-MSFT 11,831 Reputation points Microsoft Employee Moderator
    2020-09-18T15:54:56.62+00:00

    @Selim Irez , thank you for reaching out. You are absolutely correct. The following error is coming up as the scopes mentioned in the request "wl.basic,wl.emails" are not valid scopes for the Graph API resource [ Resource Name: Microsoft Graph ---> Endpoint: https://graph.microsoft.com ---> App ID: 00000003-0000-0000-c000-000000000000]

    Valid scopes for Graph API looks something:

    • Read a user's calendar by using Calendars.Read
    • Write to a user's calendar by using Calendars.ReadWrite
    • Send mail as a user using by Mail.Send

    You can read more on Scopes, Permissions and Consent here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent

    You can also try adding the following "https://graph.microsoft.com/.default " as value to your scope parameter. This would pull all the permissions that you have added for Graph API in the app registration done in AAD.

    Hope this helps.

    Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.