This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 38%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Steps to reproduce:
"loginParameters": [
"response_type=code id_token",
"scope=openid offline_access profile https://graph.microsoft.com/User.Read https://sql.azuresynapse-dogfood.net/user_impersonation"
]
Now trying to load the site, it just fails after you authenticate, no message no nothing.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(249.60000000000002, 12%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERL%3C/text%3E%3C/svg%3E)
Testing testing. Why the last answer I wrote and posted is not visible? Never mind.
You are attempting to get a token for two different resources. That simply won't work. Any given token is only good for one resource.
When needing to work with more than one resource, you better use MSAL which defer the resource (scope) parameter to their acquire token methods, so that you can acquire different token in your different code path accordingly.
Well that sucks, so using easy auth I can only access azure sql as the ad authed user OR detailed graph info about the ad authed user, not both. Ungh. I guess I’ll just give it ad access to sql server and app level admin access to graph read all users. I care more about sql security than devs accessing ad stuff.