The application asked for scope that doesn't exist on the resource

Sai Shashank 25 Reputation points
2023-08-28T09:30:24.1966667+00:00

Hi,

I am implementing a login with Microsoft on my Saas application. Here is the error I get when I try to get the OAuth token :

invalid_client error_description=AADSTS650053: The application 'XXX' asked for scope 'CallRecord-PstnCalls.Read.All' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

Pasted Graphic

Supported account types: All Microsoft account users.

I tried to add API permissions matching the scope I use, but it didn't help.

User's image

Under Enterprise applications > LeadSquaredTeamAppTest > Permissions
User's image

Permissions are present. Let me know if I'm missing on something else.

Thank you for you help

Microsoft Authenticator
Microsoft Authenticator
A Microsoft app for iOS and Android devices that enables authentication with two-factor verification, phone sign-in, and code generation.
6,572 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,292 questions
0 comments No comments
{count} votes

Accepted answer
  1. Domooney-MSFT 2,586 Reputation points Microsoft Employee
    2023-08-30T08:57:10.9633333+00:00

    Hi @Sai Shashank ,

    Thank you for posting your query on Microsoft Q&A.

    It looks like you are calling application permissions in the scopes for a user authentication flow. Users will receive delegated permissions after a successful authentication, not application permissions.

    There is a brief description between the differences here - https://learn.microsoft.com/en-us/graph/auth/auth-concepts#microsoft-graph-permissions

    Looking at the permissions referemce for this API call it seems delegated is not supported - https://learn.microsoft.com/en-us/graph/api/callrecords-callrecord-getpstncalls?view=graph-rest-1.0&tabs=http

    So I believe you will need to make this API call under the context of the application, not the signed in user.

    Do let me know if you have any further questions, I would be happy to help!

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.