Developer technologies | ASP.NET | ASP.NET Core
A set of technologies in the .NET Framework for building web applications and XML web services.
Azure AD B2C Returning Additional Scopes
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 85%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWH%3C/text%3E%3C/svg%3E)
Waqas Haneef
5
Reputation points
Hello,
I have an .Net Core 7 Web API Protected by Azure Active Directory B2C, I have configured the everything properly based on the documents provided by Microsoft
I have registered my Web API on Azure AD B2C, exposed 2 scopes and then configured my .Net Core 7 Web API to use Azure AD B2C based Authentication and Authorization and everything is working as expected.
The issue I am facing here is that I am requesting only one scope from postman but I am getting all scopes based my Auth Flow is Auth Code with PKCE.
I am now sure if I am missing something, any help in this regard is much appreciated.
Developer technologies | ASP.NET | ASP.NET Core
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
{count} vote
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 81%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
Marilee Turscak-MSFT 37,271 Reputation points Microsoft Employee Moderator2023-10-11T00:02:58.47+00:00 Can you share the request you included? Based on your screenshot it looks like you are trying to request only the "Write.All" scope but are receiving both "Read.All" and "Write.All". Could you share more details about your goal and use case?
https://stackoverflow.com/questions/74603436/azure-ad-authentication-multiple-scopes-issue
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(22.400000000000002, 86%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETC%3C/text%3E%3C/svg%3E)
Thon Chanvannak 1 Reputation point2023-10-11T00:04:19.9666667+00:00 -
Waqas Haneef 5 Reputation points
2023-10-12T06:08:22.36+00:00 @Marilee Turscak-MSFT here is the request that I am sending
and my problem is that I am requesting only Write.All but getting both Read.All and Write.All scopes back
-
Marilee Turscak-MSFT 37,271 Reputation points Microsoft Employee Moderator
2023-10-30T20:53:39.8533333+00:00 Apologies for the delay. This might be expected with Read.All being included in Write.All, but I'm testing to confirm this.
Sign in to comment
Sign in to answer