Scopes retrieved with authorization code

Vedran C 1 Reputation point
2021-04-01T07:49:27.717+00:00

Hi

I'm doing the authorization flow (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow) with the Calendars.Read and Calendars.Read.Shared scopes, but when I get the authorization code and exchange it for access and refresh tokens, the target field of the access token only contains the "openid profile Calendars.Read" scopes, without the shared one.

That causes problems later on when refreshing the token.

My use case is that I want to obtain user calendars and ones that are being shared.

Am I configuring something wrong or is this an issue with the API?

I'm using msal4j 1.9.1 and microsoft-graph 3.1.0 libs.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Siva-kumar-selvaraj 15,731 Reputation points Volunteer Moderator
    2021-04-20T09:34:57.247+00:00

    Hello @Vedran C ,

    Thank you for reaching out, and apologies for the delayed response.

    There should not be any issue as long as you define the appropriate scope in the GET call when requesting a code. This is the sample scope which I used in my lab, and I was able to get an access_token with Calendars.Read.Shared without any issue: scope=Calendars.Read%20Calendars.Read.Shared%20email%20openid%20profile%20offline_access

    GET call for code:

    https://login.microsoftonline.com/<TenantName>/oauth2/v2.0/authorize?client_id=11111111-db82-44df-9bed-11111111eac5&scope=Calendars.Read%20Calendars.Read.Shared%20email%20openid%20profile%20offline_access&redirect_uri=http://localhost:3000/redirect&response_mode=query&response_type=code

    POST call for access_token using Postman:

    [Image: 89339-image.png]

    Hope this helps.

    ------
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
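
A way to check the granted scopes right after the code exchange, as an added example that is not part of the original thread: it builds the authorize request with the scope list from the answer and compares the requested scopes with the `scope` field of the token response. The tenant, client ID and sample responses are constructed, and stripping a resource prefix such as `https://graph.microsoft.com/` and ignoring the OpenID Connect scopes in the comparison are assumptions of this sketch.

```python
from urllib.parse import quote, urlencode

# OpenID Connect scopes; left out of the comparison (assumption of this
# example) because the question is about the Graph resource scopes.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def build_authorize_url(tenant, client_id, redirect_uri, scopes):
    """Build the v2.0 /authorize request with a space-delimited scope list."""
    query = urlencode(
        {
            "client_id": client_id,
            "response_type": "code",
            "redirect_uri": redirect_uri,
            "response_mode": "query",
            "scope": " ".join(scopes),
        },
        quote_via=quote,  # encode spaces as %20, as in the answer's URL
    )
    return f"https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?{query}"


def _normalize(scope):
    # Assumption: a granted scope may come back with a resource prefix,
    # e.g. "https://graph.microsoft.com/Calendars.Read".
    return scope.rsplit("/", 1)[-1].lower()


def missing_scopes(requested, token_response):
    """Return requested resource scopes absent from the token response."""
    granted = {_normalize(s) for s in token_response.get("scope", "").split()}
    return sorted(
        s for s in requested
        if s not in OIDC_SCOPES and _normalize(s) not in granted
    )


REQUESTED = ["Calendars.Read", "Calendars.Read.Shared", "email",
             "openid", "profile", "offline_access"]

# Constructed token responses (tokens themselves omitted).
AS_IN_QUESTION = {"token_type": "Bearer",
                  "scope": "openid profile Calendars.Read"}
FULL_GRANT = {"token_type": "Bearer",
              "scope": "https://graph.microsoft.com/Calendars.Read "
                       "https://graph.microsoft.com/Calendars.Read.Shared"}

if __name__ == "__main__":
    print(build_authorize_url("contoso.example", "00000000-0000-0000-0000-000000000000",
                              "http://localhost:3000/redirect", REQUESTED))
    print("missing:", missing_scopes(REQUESTED, AS_IN_QUESTION))
```

Running the comparison before storing the refresh token makes a dropped scope visible at sign-in instead of at the first refresh.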
