As the error message suggests, the Bing Ads API (identified by "https://ads.microsoft.com") has not been provisioned in your organization's directory.
Different Microsoft services/APIs get provisioned for different reasons (e.g. Microsoft Graph API is always provisioned, but Azure APIs are provisioned when you first sign up for Azure or enable a specific Azure service). In the case of the Bing Ads API, it gets provisioned when you sign up for a Microsoft Advertising account using your Azure AD (work or school) account.
So, what you can do is go to https://ads.microsoft.com > "Sign up now". As soon as you complete the first step ("Create Account"), you'll notice that in the Azure portal, under Azure AD > Enterprise apps > All applications, a new service is listed: "Microsoft Advertising API service" (you may need to change the "Application type" filter to "Microsoft Applications", or "All applications"). You'll also find that it's now listed under Azure AD > App registrations > (app) > API permissions > Add a permission > APIs my organization uses. Most importantly, you'll find that you no longer get the error message above when attempting to sign in to an app which is requesting access to that service.
Note: Unrelated to your question, I notice you're using prompt=consent in your authorization request. There are very few scenarios where this is actually necessary, and yours doesn't seem to be one of them. If you want to force the account selection page, use prompt=select_account, but otherwise, just omit the prompt parameter entirely. Since you're explicitly stating that you require the msads.manage permission for the Bing Ads API (by including scope=https://ads.microsoft.com/msads.manage), the Microsoft Identity platform will automatically prompt the user for consent if necessary (and if the user is allowed to grant consent).
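An added example, not part of the original answer: a small reviewer for an authorization request URL that drops `prompt=consent`, keeps other `prompt` values such as `select_account`, and lists the resource APIs named in `scope` (each of which must be provisioned in the tenant). The function name, the sample URL, the all-zero client ID and the redirect URI are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# OpenID Connect scopes that are not tied to a specific resource API.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}

# Constructed sample request (placeholder client_id and redirect_uri).
SAMPLE_URL = (
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000"
    "&response_type=code"
    "&redirect_uri=https%3A%2F%2Flocalhost%2Fcallback"
    "&scope=openid%20offline_access%20https%3A%2F%2Fads.microsoft.com%2Fmsads.manage"
    "&state=constructed-state-value"
    "&prompt=consent"
)


def review_authorize_url(url):
    """Return (findings, resources, cleaned_url) for an authorization request."""
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True)

    findings, kept = [], []
    for name, value in params:
        if name == "prompt" and value == "consent":
            findings.append(
                "prompt=consent is rarely needed; consent is requested "
                "automatically when required, so the parameter was removed"
            )
            continue
        kept.append((name, value))  # e.g. prompt=select_account is left alone

    # Scopes of the form <resource identifier>/<permission> name a resource API.
    # Short-form scopes without a "/" (for example User.Read) are skipped here.
    resources = set()
    for scope in dict(params).get("scope", "").split():
        if scope in OIDC_SCOPES:
            continue
        resource, sep, _permission = scope.rpartition("/")
        if sep and resource:
            resources.add(resource)

    cleaned = urlunsplit(parts._replace(query=urlencode(kept)))
    return findings, sorted(resources), cleaned


if __name__ == "__main__":
    for item in review_authorize_url(SAMPLE_URL):
        print(item)
```
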