Share via

how make the GraphServiceClient(java) set multiple scope

耀駿 施 71 Reputation points
2022-06-13T10:24:50.06+00:00

This is my source code below
@Bean
public GraphServiceClient getGraphServiceClient() {
final ClientSecretCredential clientSecretCredential = new ClientSecretCredentialBuilder().clientId(CLIENT_ID)
.clientSecret(CLIENT_SECRET).tenantId(TENANT_ID).build();
List<String> scopes = new ArrayList<String>();
scopes.add("https://graph.microsoft.com/.default");
scopes.add("https://graph.microsoft.com/User.Read");
scopes.add("https://graph.microsoft.com/Channel.Create");
scopes.add("https://graph.microsoft.com/Files.ReadWrite.All");
scopes.add("https://graph.microsoft.com/offline_access");
final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(
scopes, clientSecretCredential); 

	return GraphServiceClient.builder().authenticationProvider(tokenCredentialAuthProvider).buildClient();  
}

but when I called the create channel, it always showed

com.microsoft.aad.msal4j.MsalServiceException: AADSTS70011: The provided request must include a 'scope' input parameter. The provided value for the input parameter 'scope' is not valid. The scope https://graph.microsoft.com/.default openid profile offline_access https://graph.microsoft.com/Files.ReadWrite.All https://graph.microsoft.com/User.Read https://graph.microsoft.com/offline_access https://graph.microsoft.com/Channel.Create is not valid.

what should I to solve this problem.

Microsoft Security | Microsoft Graph
0 comments
Accepted answer
  1. CarlZhao-MSFT 46,376 Reputation points
    2022-06-14T02:57:18.04+00:00

    Hi @耀駿 施

    The /.default is a static scope that already contains all the permissions you granted in the Azure portal, so you don't need to specify multiple scopes in your code. Please change your code to: 

    List<String> scopes = new ArrayList<String>();  
scopes.add("https://graph.microsoft.com/.default offline_access");  
final TokenCredentialAuthProvider tokenCredentialAuthProvider = new TokenCredentialAuthProvider(scopes, clientSecretCredential);

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.