Wich scope use to get the access token for microsft credential

Romain Lentz 1 Reputation point
2022-04-05T12:07:48.25+00:00

Hello,
I'm trying to do postman access token request to reach the following api :

https://api-eu.securitycenter.windows.com/api/vulnerabilities?$filter=publishedOn+ge+2022-01-01T00:00:00Z

however the result returned is always the same : 

"error": {
    "code": "Unauthorized",
    "message": "Unauthorized",
    "target": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
}

Here is the request I've used to get the access token :

POST : https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token

Body:
client_id : my client id
scope : https://graph.microsoft.com/.default
client_secret : my client secret
grant_type : client_credentials

Header :
Content-Type : x-www-form-urlencoded

The response return me a token that is apparently not recognized by the first request...

I've tryed several scopes such as : /.default, user.read openid profile offline_access, https://graph.microsoft.com/.defaul

Even if they are all returning me a token, none of them seems to work.

I've also added the right to WindowsDefenderATP > Vulnerability.read, from the azure portal.

Is the problem the scope ? What scope should I use if i have a cllient credential grant type ?

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
14,725 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Vicky Kumar (Mindtree Consulting PVT LTD) 1,146 Reputation points Microsoft Employee
    2022-04-19T09:59:10.74+00:00

    Put your access token on jwt.ms and see if you have User.ReadWrite Or User.ReadWrite.All are present or not.

    0 comments