Java MSAL acquiretoken not returning the desired scopes

Saif 1 Reputation point


Im building an integration with Microsoft Dynamics. The integration is supposed to allow users to sign into their dynamics accounts and once signed in, they should be able to push and update contacts from my application to their dynamics instance. I'm using the MSAL Java library to allow me to sign in users to microsoft dynamics and acquire an access token. Below is the code Im using to acquire the token:

public IAuthenticationResult getAuthenticationResult(AuthenticationResponse response, UriInfo info) throws Throwable {  
      if (isAuthenticationSuccessful(response)) {  
        AuthenticationSuccessResponse oidcResponse = (AuthenticationSuccessResponse) response;  
        // validate that OIDC Auth Response matches Code Flow (contains only requested artifacts)  
        ConfidentialClientApplication app = null;  
        app = ConfidentialClientApplication  
            .builder(MicrosoftDynamicsClientId, ClientCredentialFactory.createFromSecret(MicrosoftDynamicsClientSecret)).  
        String authCode = oidcResponse.getAuthorizationCode().getValue();  
        URI requestUri = info.getRequestUri();  
        URI redirectUri = new URI(requestUri.getScheme(), requestUri.getAuthority(), requestUri.getPath(), null, requestUri.getFragment());  
        AuthorizationCodeParameters parameters = AuthorizationCodeParameters.builder(  
        Future<IAuthenticationResult> future = app.acquireToken(parameters);  
        IAuthenticationResult result = null;  
        result = future.get();  
        return result;  
      } else {  
        AuthenticationErrorResponse oidcResponse = (AuthenticationErrorResponse) response;  
        throw new Exception(String.format("Request for auth code failed: %s - %s",  

However the result I get back doesn't contain the scopes I want and therefore the access token I get back isnt authorized to perform any operation on the user's dynamics instance. In my Azure Active Directory account, I've specified the API permissions I need like so:

What do I need to do to get the correct scopes to access the signed-in user's Microsoft Dynamics instance and be able to perform operations on it?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
20,537 questions
{count} votes