This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 39%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
Error Acquiring Token:
MSAL.NetCore.4.50.0.0.MsalServiceException:
ErrorCode: invalid_scope
Microsoft.Identity.Client.MsalServiceException: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope 'https://outlook.office.com/EWS.AccessAsUser.All offline_access openid profile' is not configured for this tenant.
Trace ID: 09c9488e-0a1a-4a52-9e1c-894aef88bc01
Correlation ID: bbebb9ce-b163-46ce-bfcb-74edf0d30e62
Timestamp: 2023-05-08 09:40:26Z
what the problem? should i config for everyone?
Judging by the error message, likely the tenant you're using does not have a valid Exchange Online subscription. Make sure this isn't indeed the case. If you are just trying things in a demo tenant, sign up for a free O365/M365 trial to get Exchange enabled in the tenant.
Otherwise, share the actual code you're using to obtain the token.
"requiredResourceAccess": [
{
"resourceAppId": "00000002-0000-0ff1-ce00-000000000000",
"resourceAccess": [
{
"id": "3b5f3d61-589b-4a3c-a359-5dd4b5ee5bd5",
"type": "Scope"
},
{
"id": "bbd1ca91-75e0-4814-ad94-9c5dbbae3415",
"type": "Scope"
}
]
},
{
"resourceAppId": "00000003-0000-0000-c000-000000000000",
"resourceAccess": [
{
"id": "7427e0e9-2fba-42fe-b0c0-848c9e6a8182",
"type": "Scope"
},
{
"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
"type": "Scope"
},
{
"id": "1ec239c2-d7c9-4623-a91a-a9775856bb36",
"type": "Scope"
},
{
"id": "37f7f235-527c-4136-accd-4a02d197296e",
"type": "Scope"
}
]
}
]
private static string ClientId = "cdf8b70a-b460-43a1-adba-06d9c95e6134";
private static string Tenant = "common";
private static IPublicClientApplication _clientApp;
_clientApp = PublicClientApplicationBuilder.Create(ClientId)
.WithAuthority(AzureCloudInstance.AzurePublic, Tenant)
.WithRedirectUri("https://login.microsoftonline.com/common/oauth2/nativeclient")
.WithLogging(logCallback, LogLevel.Always, true)
.Build();
login with my personal account failed, but it's ok when Tenant = "consumers".
So I think it is a configuration problem of Azure Active Directory.
If by personal account you mean your MicrosoftID, that's expected - EWS access is only supported in M365. And again, the M365 tenant must have a valid Exchange subscription.
to support personal account and work or school account login, what need i do?
should i use my Azure Active Directory account buy a Exchange subscription?
EWS is simply not supported for personal Microsoft accounts, only for Office 365 ones.
ok, my application like apple's calendar. i want query the calendar and event by ews.
i just need a useful token for ews and it's works on apple's calendar.
Tenant = "common" not ok
Tenant = "consumers" ok
if EWS is simply not supported for personal Microsoft accounts, How to explain this situation when Tenant = "consumers"
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(166.4, 68%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMA%3C/text%3E%3C/svg%3E)
Som facts regarding this:
Looks like Apple clientId might have a special deal to access personal Outlook accounts with EWS + OAuth. @Vasil Michev any idea?