The permissions you've granted correspond to the Delegate permissions model, whereas you seem to be using the client credentials (application permissions) flow to obtain a token. Either add the same permissions, but in the application permissions model, or use one of the user-centric flows to obtain a token. For example: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Getting -"Either scp or roles claim need to be present in the token" and Access Denied while using Graph API to upload files to sharepoint
Initially when I tried to generate the token using the url - https://login.microsoftonline.com/tenant-id/oauth2/v2.0/token I was able to fetch the Bearer token using grant_type, client_id, scope and client_secret in the body.
But when I tried to fetch the driver_id using the url - https://graph.microsoft.com/v1.0/drives and Authorization in Headers, I am facing the following error :
"error": {
"code": "AccessDenied",
"message": "Either scp or roles claim need to be present in the token.",
"innerError": {
"date": "2022-12-12T10:44:02",
"request-id": "45bxxxxxxxxxxx38e3c23e38",
"client-request-id": "45b1xxxxxxxxx8-7d38e3c23e38"
}
}
}
The API permissions that I have granted are:
I tried to decode the token as well through the decoder site but could not find any roles.
I am not able to figure out the mistake.
Thankyou
Microsoft Security | Microsoft Graph
2 answers
Sort by: Most helpful
-
Vasil Michev 119.9K Reputation points MVP Volunteer Moderator
2022-12-12T14:31:38.813+00:00 -
Lab Admin 2 0 Reputation points
2025-03-12T04:47:43.43+00:00 Hi, here the problem is with the Graph API permissions in the Azure App registration. Here is the YouTube video for this how to fix this issue:
How to fix this error "Either SCP or Roles Claim need to be present in the token" - https://youtu.be/YJ_RcdRl2-g
How to upload file to SharePoint using Graph API and Postman tool: https://youtu.be/uiUdZDfhbRw