AADSTS50020: The portal is having issues getting an authentication token. The experience rendered may be degraded.

Gabriel Pillay 61 Reputation points

I hope you are well.

I have looked at multiple previous answers including: https://learn.microsoft.com/en-us/answers/questions/1026743/error-aadsts50020.html, but I am still struggling to resolve my issue.

I am trying to request an access token with the Calendars.ReadWrite.Shared scope. When using authentication flows: acquire_token_by_authorization_code and initiate_device_flow, I get a token with only the basic scopes or, I am told the codes have expired. I cannot access my Azure Active Directory (403) nor can I access Exchange Admin Center (Selected user account does not exist in tenant 'Microsoft Services').

Failed attempts at fixing the issure:

  • Changing my Azure permissions.
  • Creating a new outlook account, registering a new app and requesting the scope (this resulted in the same Tenant ID as the first app - which I do not understand, please can this be explained)
  • Requesting different scopes (I found that there are about 6 scopes which are all returned when requesting a token with any one of the 6 working scopes, I have allowed 10 API permissions. If I request an access token with a scope outside the 6, it is not returned successfully)

I do not understand how tenants work.
Any help with regards to the issue and contributions to understanding would be appreciated.

Have a great day!

Error log info:
Trace ID: 51cd16f4-64cd-46d7-888b-09a054da4100
Correlation ID: d9b779e7-8fe8-42df-bea1-830482deee3b
Timestamp: 2022-10-27 07:53:28Z

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,914 questions
Microsoft Graph Calendar API
0 comments No comments
{count} votes

Accepted answer
  1. HarmeetSingh7172 4,786 Reputation points

    Hello @Gabriel Pillay

    Thanks for reaching out!

    Based on my research on this issue, there could be multiple reasons you are facing this error.

    • Generally, error AADSTS50020 comes when a user is not authorized to call an endpoint. Make sure to use right auth token with right permissions (Please note that Calendars.ReadWrite.Shared is a Delegated permission). Refer this Permissions document to know more about it.
    • You're trying to login to an application in your tenant with a user account which is not a part of your tenant. In this case, user account needs to be added as an external user in the tenant first. Refer this documentation to know more on this.

    To add guest users to an application, follow this document.


    Hope this helps.

    If the answer is helpful, please click Accept Answer and kindly upvote. If you have any further questions about this answer, please click Comment.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful