The application asked for scope that doesn't exist on the resource

Question

Hi,

I am implementing a login with Microsoft on my Saas application. Here is the error I get when I try to get the OAuth token :

invalid_client error_description=AADSTS650053: The application 'XXX' asked for scope 'CallRecord-PstnCalls.Read.All' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

Supported account types: All Microsoft account users.

I tried to add API permissions matching the scope I use, but it didn't help.

Under Enterprise applications > LeadSquaredTeamAppTest > Permissions

Permissions are present. Let me know if I'm missing on something else.

Thank you for you help

Answer 1

Hi @Sai Shashank ,

Thank you for posting your query on Microsoft Q&A.

It looks like you are calling application permissions in the scopes for a user authentication flow. Users will receive delegated permissions after a successful authentication, not application permissions.

There is a brief description between the differences here - https://learn.microsoft.com/en-us/graph/auth/auth-concepts#microsoft-graph-permissions

Looking at the permissions referemce for this API call it seems delegated is not supported - https://learn.microsoft.com/en-us/graph/api/callrecords-callrecord-getpstncalls?view=graph-rest-1.0&tabs=http

So I believe you will need to make this API call under the context of the application, not the signed in user.

Do let me know if you have any further questions, I would be happy to help!

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.