587 questions
You would need to assign the app the Exchange role directly:
https://office365itpros.com/2022/10/13/exchange-online-powershell-app/
The application 'my-app' asked for scope 'Exchange.ManageAsApp' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 51%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAG%3C/text%3E%3C/svg%3E)
Abhishek Goyal
246
Reputation points
My scenario is that, I want to request some scopes on my azure ad app from customer. Some of them are Graph API scope(e.g. Directory.AccessAsUserAll) and some of them are Exchange Online API scope(e.g. Exchange.ManageAsApp). I try this using node.js code but got the error "The application 'my-app' asked for scope 'Exchange.ManageAsApp' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'." .
passport.use(new OIDCStrategy({
identityMetadata: config.creds.identityMetadata,
clientID: config.creds.clientID,
responseType: 'code id_token',
responseMode: 'form_post',
redirectUrl: config.creds.redirectUrl,
allowHttpForRedirectUrl: true,
clientSecret: config.creds.clientSecret,
scope: ["User.ReadWrite.All" , "Group.ReadWrite.All","offline_access", "Directory.AccessAsUser.All", "Exchange.ManageAsApp"],
passReqToCallback: false
},
function (iss, sub, profile, accessToken, refreshToken, done) {
// Authentication successful
// accessToken contains the access token for the requested resource with the requested scope
done(null, profile);
}
));
Also tried to give scope like that:
scope: ["User.ReadWrite.All" , "Group.ReadWrite.All","offline_access", "Directory.AccessAsUser.All", "https://outlook.office365.com/Exchange.ManageAsApp"],
I think one problem is that the resource is different for Graph and Exchange Online Graph Api resource id - 00000003-0000-0000-c000-000000000000 Exchange Online resource id - 00000002-0000-0ff1-ce00-000000000000 I give the necessary permission to my app and also customer have that permissions. The scopes that comes under Graph API does not through any error. I also gone through various references for that but got no solution on that. Please help me with that how can I add the scope(Exchange.ManageAsApp) using my code.
Exchange | Exchange Server | Development
Microsoft Security | Microsoft Graph
13,728 questions
2 answers
Sort by: Most helpful
-
Andy David - MVP 157.8K Reputation points MVP Volunteer Moderator2023-04-06T12:11:12.77+00:00 -
Abhishek Goyal 246 Reputation points
2023-04-06T12:55:54.2533333+00:00 But, I have to setup app in different customer's azure ad so for that I need to ask for scope because assigning role, manually, is not possible.
Sign in to comment -
-
Abhishek Goyal 246 Reputation points
2023-04-12T05:57:05.61+00:00 I got my answer after more research on that. I use scopes of two resources simultaneously that is not allowed because the audience claim for access token can only of one type either it is Microsoft graph resource or exchange resource that's why I got that error. Now, it is solved