Microsoft Security | Microsoft Entra | Microsoft Entra ID
A cloud-based identity and access management service for securing user authentication and resource access
Token request cannot be made without authorization code or refresh token when I add "teamsAppInstallation.ReadWriteSelfForChat.All" scope
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(278.4, 23%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Gabriel Malinosqui
0
Reputation points
Hello everyone,
I'm currently facing an issue with the MSAL Node.js authentication library (msal2.js). When attempting to integrate the 'teamsAppInstallation.ReadWriteSelfForChat.All' scope into the Auth-Code flow for a Node.js application, I'm encountering the following error:
ClientAuthError: request_cannot_be_made: Token request cannot be made without authorization code or refresh token.
I'm utilizing the Authorization Code sample provided in the MSAL Node.js library, with the only modification being the addition of the aforementioned scope to my configuration. Below, I've shared the relevant segment of my customConfig.json and the primary code snippet where the error surfaces.
Custom Configuration (customConfig.json):
{
"authOptions": {
"clientId": "XXXXX",
"authority": "https://login.microsoftonline.com/organizations/"
},
"request": {
"authCodeUrlParameters": {
"scopes": ["user.read", "user.read.all", "teamsAppInstallation.ReadWriteSelfForChat.All"],
"redirectUri": "http://localhost:3000/redirect"
},
"tokenRequest": {
"redirectUri": "http://localhost:3000/redirect",
"scopes": ["user.read", "user.read.all", "teamsAppInstallation.ReadWriteSelfForChat.All"]
}
},
"resourceApi": {
"endpoint": "https://graph.microsoft.com/v1.0/me"
}
}
// Relevant express setup and MSAL initialization code
// ...
app.get("/redirect", (req, res) => {
const tokenRequest = {
...requestConfig.tokenRequest,
code: req.query.code,
state: req.query.state,
};
// Additional code for handling the token request
// ...
});
My auth configuration on Azure Entra Admin Center:
I would greatly appreciate any insights or guidance on resolving this error. Is there an additional configuration step or permission that I'm potentially missing for this specific scope?
Thank you for your assistance!
Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
Microsoft Teams | Microsoft Teams for business | Other
Microsoft Teams | Microsoft Teams for business | Other
Additional features, settings, or issues not covered by specific Microsoft Teams categories
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 24%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJM%3C/text%3E%3C/svg%3E)
JimmyYang-MSFT 58,781 Reputation points Moderator2023-11-08T02:28:29.0766667+00:00 Teams tag is mainly focused on the general issue of Microsoft Teams troubleshooting. According to your description, your question is not in our support scope. So I will remove teams tag from your thread. Thanks for your understanding!
Sign in to comment
Sign in to answer