In the OAuth link using authorization code flow, unable to pass any permissions from Office 365 Exchange Online API or for that matter any other permission that doesn't belong to Microsoft Graph API in the scopes parameter of the OAuth link.
For example, this is the OAuth link :-
login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=XXXXXXXXXX&response_type=code&redirect_uri=https%3A//google.com&response_mode=query&state=12345&prompt=consent&scope=offline_access%20AuditLog.Read.All%20Policy.Read.All%20Directory.Read.All%20IdentityProvider.Read.All%20Securityevents.Read.All%20ThreatIndicators.Read.All%20SecurityActions.Read.All%20User.Read.All%20UserAuthenticationMethod.Read.All%20MailboxSettings.Read%20DeviceManagementManagedDevices.Read.All%20DeviceManagementApps.Read.All%20UserAuthenticationMethod.ReadWrite.All%20DeviceManagementServiceConfig.Read.All%20DeviceManagementConfiguration.Read.All%20Organization.Read.All%20Exchange.Manage
It throws the following error
error=invalid_client&error_description=AADSTS650053%3A+The+application+%27AZTest%27+asked+for+scope+%27Exchange.Manage%27+that+doesn%27t+exist+on+the+resource+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0D%0ATrace+ID%3A+02c24508-4948-4e3d-a79f-e19341c0ca00%0D%0ACorrelation+ID%3A+057133e4-9566-4263-87aa-a4328fbdedd8%0D%0ATimestamp%3A+2023-10-25+10%3A12%3A28Z&state=12345