Hi,
I am working with a solution where a client needs to use Microsoft Universal Print. I am using Microsoft Graph and the client credentials flow. After getting the access token via the credentials instance, I get the following error upon making a request to the Graph API: "The token does not have one or more required security scopes."
Using the JWT debugger below, I see no roles claim, which I have understood it should contain.
Questions:
1. Does anyone have a tip on how to overcome this problem?
2. If I understand the documentation of GetTokenAsync correctly, the result is cached in the client that is created with the clientSecretCredential as input?
3. I should not need to assign the token anywhere (the client or options object does not contain any property for it, as I understand)?
Below is an example of the code that creates a Microsoft Graph client. Please note that I also call GetAccessToken, just for myself to be able to compare the tokens, to make sure there is no difference when it comes to the roles claim.
    public MicrosoftGraphClient()
    {
        try
        {
            FileLogger.LogToFile($"MicrosoftGraphClient constructor: Configuring Graph client, tenantId {azureTenantId} clientId {azureClientId}");
            //accessToken = GetAccessToken();
            var scopes = new[] { "https://graph.microsoft.com/.default" };
            // Multi-tenant apps can use "common",
            // single-tenant apps must use the tenant ID from the Azure portal
            // using Azure.Identity;
            var options = new ClientSecretCredentialOptions
            {
                AuthorityHost = AzureAuthorityHosts.AzurePublicCloud,
            };
            // https://learn.microsoft.com/dotnet/api/azure.identity.devicecodecredential
            var clientSecretCredential = new ClientSecretCredential(azureTenantId, azureClientId, azureClientSecret, options);
            FileLogger.LogToFile($"MicrosoftGraphClient constructor: Got Token {clientSecretCredential.GetTokenAsync(new Azure.Core.TokenRequestContext(scopes)).Result.Token}");
            FileLogger.LogToFile($"MicrosoftGraphClient constructor: Got Token {GetAccessToken()}");
            GraphClient = new GraphServiceClient(clientSecretCredential, scopes);
            FileLogger.LogToFile($"MicrosoftGraphClient constructor: The Graph Client were successfully configured and created");
        }
        catch (Exception e)
        {
            FileLogger.LogToFile("Error in" + " " + "MicrosoftGraphClient constructor the Graph client was not created for the following reason:" + " " + e.Message + " " + "InnerException" + " " + e.InnerException + " " + "Exception Details" + " " + e);
        }
    }
When I decode the token in the JWT decoder here:
JWT Debugger azurewebsites.net
Kindly
Oskar Berntorp
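
The claim check discussed in the post can also be done locally. The following is an added example, not part of the original post: it decodes a token's payload and lists the `roles` claim, which is where an app-only (client credentials) token carries its application permissions, while delegated tokens use `scp`. The class name, helper names and the sample tokens (including the `Example.Read.All` value) are constructed for illustration, and the signature is not validated.

```csharp
// Added example (not from the original post). Sample tokens are constructed.
using System;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class TokenClaimInspector
{
    static string B64Url(string s) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(s)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Builds an unsigned, constructed JWT-shaped string for the demo.
    static string MakeSample(string payloadJson) =>
        B64Url("{\"alg\":\"none\"}") + "." + B64Url(payloadJson) + ".sig";

    // Decodes the payload segment only; the signature is NOT validated.
    public static JsonElement DecodePayload(string jwt)
    {
        var parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected 3 JWT segments.");
        var b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 += new string('=', (4 - b64.Length % 4) % 4); // restore stripped padding
        var json = Encoding.UTF8.GetString(Convert.FromBase64String(b64));
        using var doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone();
    }

    // Application permissions of an app-only token are listed in "roles".
    public static string[] GetRoles(JsonElement payload) =>
        payload.TryGetProperty("roles", out var r) && r.ValueKind == JsonValueKind.Array
            ? r.EnumerateArray().Select(x => x.GetString() ?? "").ToArray()
            : Array.Empty<string>();

    public static void Main()
    {
        var samples = new[]
        {
            MakeSample("{\"aud\":\"https://graph.microsoft.com\",\"roles\":[\"Example.Read.All\"]}"),
            MakeSample("{\"aud\":\"https://graph.microsoft.com\"}")
        };
        foreach (var jwt in samples)
        {
            var payload = DecodePayload(jwt);
            var roles = GetRoles(payload);
            var aud = payload.GetProperty("aud").ToString();
            Console.WriteLine($"aud={aud} roles=[{string.Join(", ", roles)}]");
            if (roles.Length == 0)
                Console.WriteLine("  no roles claim: token carries no application permissions");
        }
    }
}
```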