Why is the App ID URI not working in scope while the app ID works?

Ansamma Thomas 0 Reputation points
2023-06-23T16:56:53.42+00:00

I am trying to call a Web API from another using delegated permission, both registered in Azure AD. The API I am trying to call is a very old API, using the v1 endpoint. My API uses the v2 endpoint. When I use appId/.default as scope, I am successfully authorised and can call the old API from my API. When I use appIdUrl/.default, I am getting invalid scope. Why is appIdUrl/.default as scope failing?


1 answer

  1. Shweta Mathur 30,296 Reputation points Microsoft Employee Moderator
    2023-06-26T05:47:12.32+00:00

    Hi @Ansamma Thomas ,

    Thanks for reaching out.

    I understand you are trying to use webAPI 1 (using v2 endpoint) to call webAPI 2 (using v1 endpoint) and are getting an error while passing appIdUrl/.default in scope.

    This is expected, as when you use the appId/.default scope, MSAL uses the v1 endpoint to acquire a token for the resource. However, when you use the appIdUrl/.default scope, MSAL uses the v2 endpoint to acquire a token for the resource.

    Here you want to acquire a token for all the static scopes of a v1.0 application, which requires the appIdURL of the API when calling the v1 endpoint.

    The reason you are getting an invalid scope error when using appIdUrl/.default is that the v1 endpoint does not recognize the appIdUrl format.

    So, to summarize, if you are calling a v1 endpoint, you should use the appId/.default scope, and if you are calling a v2 endpoint, you should use the appIdUrl/.default scope.

    https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if the answer helped you.
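
When diagnosing a scope or audience problem like the one in this thread, it helps to decode a token that was issued successfully and look at its `ver`, `iss`, `aud` and `scp` claims, which show the token format and which identifier of the API ended up as the audience. The following is an added example, not part of the original thread or any Microsoft sample; the app ID, App ID URI, tenant and token are constructed placeholders, and the signature is not verified (diagnostic use only).

```python
import base64
import json

# Constructed placeholder identifiers (assumptions, not from the thread).
APP_ID = "11111111-2222-3333-4444-555555555555"
APP_ID_URI = "https://contoso.example/legacy-api"
TENANT = "00000000-0000-0000-0000-000000000000"

def _b64url_json(segment):
    """Decode one base64url JWT segment into a dict, restoring stripped padding."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def describe_access_token(jwt, app_id, app_id_uri):
    """Summarise the claims that show how a token was issued for an API.

    Diagnostic only: the signature is NOT verified, so never use this to
    authorise a request.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = _b64url_json(parts[1])
    aud = str(claims.get("aud", ""))
    if aud.lower() == app_id.lower():
        aud_form = "app_id"
    elif aud.rstrip("/").lower() == app_id_uri.rstrip("/").lower():
        aud_form = "app_id_uri"
    else:
        aud_form = "other"
    return {
        "ver": claims.get("ver"),
        "iss": claims.get("iss"),
        "aud": aud,
        "aud_form": aud_form,
        "scp": str(claims.get("scp", "")).split(),
    }

def make_sample_token(claims):
    """Build an unsigned, constructed token for offline experimentation."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"typ": "JWT", "alg": "RS256"}), enc(claims), "constructed-signature"])

SAMPLE_V1 = make_sample_token({"ver": "1.0", "iss": f"https://sts.windows.net/{TENANT}/",
                               "aud": APP_ID_URI, "scp": "user_impersonation"})

if __name__ == "__main__":
    print(describe_access_token(SAMPLE_V1, APP_ID, APP_ID_URI))
```

If `aud_form` comes back as `other`, or differs from what the receiving API validates, the mismatch is between the resource identifier used in the scope and the audience the API is configured to accept.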

