Hi @alma eyre,
As mentioned in your other thread as well,
if you want to use the Azure Service Management API to get the list of subscriptions and resource groups, user_impersonation is the scope that you need to request to work with the Azure Management API.
You can add the permission as follows: Application -> API permissions -> Add a permission -> select Azure Service Management API -> select user_impersonation.
Also, you need to make sure the user has a role, i.e. Contributor, assigned in the subscription.
Hope this helps.
Please remember to "Accept Answer" if the answer helped you.
Yes, I tried after clearing cookies. The same error occurs.
Yes, the error is only happening with personal accounts. With organizational accounts I get a completely different error depending on how I set the API permissions in my app registration in Azure AD.
"ERROR. Scopes: https://management.azure.com/.default. Error message: invalid_client. AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: 480eb9fb-36f6-4381-92f6-af4b9e3bf1d7(Opal). Resource value from request: https://management.azure.com. Resource app ID: 797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app registration: 00000003-0000-0000-c000-000000000000.
Trace ID: 1930e55e-c4d8-402d-8924-cd0b2b922300
Correlation ID: f798622c-a4d1-4fb2-ad4b-077c265c6c7e
Timestamp: 2022-02-08 16:01:20Z."
So perhaps those permissions were too few.
Next, I tried following this guide (https://learn.microsoft.com/en-us/graph/permissions-reference) and set the permissions I thought the Azure SDK methods I am using would need. But perhaps I was too liberal because I got this error instead: "ERROR. Scopes: https://management.azure.com/.default. Error message: invalid_client. AADSTS650054: The application '' asked for permissions to access a resource that has been removed or is no longer available. Contact the app vendor.
Trace ID: 9c1c7cdf-bf7f-4408-9f4e-d1364b360000
Correlation ID: 836ab643-ca40-4520-961c-e69337b2f836
Timestamp: 2022-02-07 17:31:40Z."
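Added example, not part of the thread and not Microsoft's code: a small Python parser for the AADSTS650057 text quoted above that compares the resource app ID the token request asked for with the resources the app registration lists. The function and field names are hypothetical, and the display names in `KNOWN_RESOURCES` are labels added here for the two IDs that appear in the error.

```python
import re

# Resource app IDs that appear in this thread's error text (labels added here).
KNOWN_RESOURCES = {
    "00000003-0000-0000-c000-000000000000": "Microsoft Graph",
    "797f4846-ba00-4fd7-ba43-dac1f8f63013": "Azure Service Management",
}
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
REQUESTED = re.compile(rf"Resource app ID:\s*({GUID})")
RESOURCE_URL = re.compile(r"Resource value from request:\s*(\S+?)\.(?:\s|$)")
# Stop at "Trace ID:" so trace/correlation GUIDs are never read as resources.
VALID = re.compile(
    r"List of valid resources from app registration:(.*?)(?:Trace ID:|\Z)", re.S
)

# The first error message quoted in the thread above.
SAMPLE = (
    "ERROR. Scopes: https://management.azure.com/.default. Error message: "
    "invalid_client. AADSTS650057: Invalid resource. The client has requested "
    "access to a resource which is not listed in the requested permissions in "
    "the client's application registration. Client app ID: "
    "480eb9fb-36f6-4381-92f6-af4b9e3bf1d7(Opal). Resource value from request: "
    "https://management.azure.com. Resource app ID: "
    "797f4846-ba00-4fd7-ba43-dac1f8f63013. List of valid resources from app "
    "registration: 00000003-0000-0000-c000-000000000000.\n"
    "Trace ID: 1930e55e-c4d8-402d-8924-cd0b2b922300\n"
    "Correlation ID: f798622c-a4d1-4fb2-ad4b-077c265c6c7e\n"
)


def label(app_id):
    return KNOWN_RESOURCES.get(app_id.lower(), "unknown resource")


def diagnose_650057(message):
    """Compare the requested resource with the app registration's resource list."""
    if "AADSTS650057" not in message:
        return None  # a different AADSTS code; this parser does not apply
    requested = REQUESTED.search(message)
    url = RESOURCE_URL.search(message)
    valid = VALID.search(message)
    registered = [g.lower() for g in re.findall(GUID, valid.group(1))] if valid else []
    req_id = requested.group(1).lower() if requested else None
    return {
        "resource_url": url.group(1) if url else None,
        "requested": (req_id, label(req_id)) if req_id else None,
        "registered": [(g, label(g)) for g in registered],
        "missing_permission": req_id is not None and req_id not in registered,
    }
```

For the message in this thread, the result shows Azure Service Management requested while only Microsoft Graph is registered, which is the gap the user_impersonation permission described above closes.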
Modifying the following two points will solve your problem:
/tenant idendpoint to the