AADSTS50020: The portal is having issues getting an authentication token. The experience rendered may be degraded.

Gabriel Pillay 61 Reputation points
2022-10-27T08:42:25.727+00:00

Hello,
I hope you are well.

I have looked at multiple previous answers including: https://learn.microsoft.com/en-us/answers/questions/1026743/error-aadsts50020.html, but I am still struggling to resolve my issue.

I am trying to request an access token with the Calendars.ReadWrite.Shared scope. When using the authentication flows acquire_token_by_authorization_code and initiate_device_flow, I get a token with only the basic scopes, or I am told the codes have expired. I cannot access my Azure Active Directory (403), nor can I access Exchange Admin Center (Selected user account does not exist in tenant 'Microsoft Services').

Failed attempts at fixing the issue:

  • Changing my Azure permissions.
  • Creating a new Outlook account, registering a new app and requesting the scope (this resulted in the same Tenant ID as the first app - which I do not understand, please can this be explained)
  • Requesting different scopes (I found that there are about 6 scopes which are all returned when requesting a token with any one of the 6 working scopes, I have allowed 10 API permissions. If I request an access token with a scope outside the 6, it is not returned successfully)

I do not understand how tenants work.
Any help with regards to the issue and contributions to understanding would be appreciated.

Have a great day!

Error log info:
Trace ID: 51cd16f4-64cd-46d7-888b-09a054da4100
Correlation ID: d9b779e7-8fe8-42df-bea1-830482deee3b
Timestamp: 2022-10-27 07:53:28Z


Accepted answer
  1. HarmeetSingh7172 4,786 Reputation points
    2022-10-28T05:59:40.637+00:00

    Hello @Gabriel Pillay

    Thanks for reaching out!

    Based on my research on this issue, there could be multiple reasons you are facing this error.

    • Generally, error AADSTS50020 comes when a user is not authorized to call an endpoint. Make sure to use the right auth token with the right permissions (please note that Calendars.ReadWrite.Shared is a Delegated permission). Refer to this Permissions document to know more about it.
    • You're trying to log in to an application in your tenant with a user account which is not a part of your tenant. In this case, the user account needs to be added as an external user in the tenant first. Refer to this documentation to know more on this.

    To add guest users to an application, follow this document.

    References:
    https://learn.microsoft.com/en-us/answers/questions/790333/error-code-aadsts50020-while-access-to-the-aad-con.html
    https://learn.microsoft.com/en-us/azure/active-directory/external-identities/add-users-administrator
    https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/error-code-aadsts50020-user-account-identity-provider-does-not-exist

    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.
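
An added example, not part of the thread above: a Python check that compares the scopes you requested with the `scope` field of the token response and reads the issuing tenant (`tid`) from the ID token. The function names and the sample response are constructed for illustration; the tenant GUID is the well-known value issued for personal Microsoft accounts, not a value taken from this thread.

```python
import base64
import json

# Well-known "tid" value that appears in tokens for personal Microsoft accounts.
MSA_CONSUMER_TENANT = "9188040d-6c67-4c5b-b112-36a304b66dad"

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT (the token may be opaque)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def _norm(scope):
    # Scopes may come back as "https://graph.microsoft.com/X" or plain "X".
    return scope.rsplit("/", 1)[-1].lower()

def diagnose(response, requested):
    """Report which requested scopes are missing and which tenant issued the token."""
    if "error" in response:
        return {"ok": False, "error": response["error"],
                "detail": response.get("error_description", "")}
    granted = {_norm(s) for s in response.get("scope", "").split()}
    missing = sorted(s for s in requested if _norm(s) not in granted)
    tid = jwt_claims(response["id_token"]).get("tid") if "id_token" in response else None
    return {"ok": not missing, "missing": missing, "tenant_id": tid,
            "personal_account": tid == MSA_CONSUMER_TENANT}

def _fake_jwt(claims):
    # Builds a constructed, unsigned sample token for the demo below.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed sample shaped like an OAuth 2.0 token response (not real output).
SAMPLE = {
    "scope": "openid profile User.Read https://graph.microsoft.com/Calendars.ReadWrite",
    "access_token": "opaque-placeholder",
    "id_token": _fake_jwt({"tid": MSA_CONSUMER_TENANT, "preferred_username": "user@example.com"}),
}

if __name__ == "__main__":
    print(diagnose(SAMPLE, ["User.Read", "Calendars.ReadWrite.Shared"]))
```

Pass the dictionary returned by your token call as `response`; the decoded claims are for troubleshooting only and must not be trusted for authorization, since no signature is verified.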
