Hi @Sophie Higgins , please refer to this document to make sure you have the right permissions. It does look like yours are correct though. Can you please check the following troubleshooting steps and let me know your results?
- Make sure that the scope values that you are passing in the authorize URL are valid and correspond to the permissions that your application needs to call the Azure DevOps APIs. You can find a list of valid scope values for Azure DevOps APIs in the Azure DevOps documentation.
- Make sure that the scope values are URL-encoded correctly. It looks like you are already URL-encoding the scope values, but you might want to double-check to make sure that the encoding is correct.
- Make sure that your application is registered in the Azure portal with the correct permissions to call the Azure DevOps APIs. You can check the application's permissions in the Azure portal under "API permissions".
- Make sure that your application is authorized to call the Azure DevOps APIs on behalf of users from different tenants. You can check this in the Azure portal under "Authentication" and make sure that the "Accounts in any organizational directory (Any Azure AD directory - Multitenant)" option is selected.
Please let me know and I can help you further.
Best,
James