Hi @pankaj.t • Thank you for providing all the required details to understand the issue.
I am sharing the cause of the issue and the steps that we performed to resolve the issue.
Cause:
The API permission added to the frontend application was added as a delegated permission, and the authentication flow used to get the token was Client_Credentials. When the Client_Credentials flow is used, the token is acquired under the application context, which is why delegated permissions don't work and permissions need to be added as delegated permissions.
Resolution:
- Navigate to Azure AD > App Registration > Your_backend_api > App Roles > Add new role named Files.Read.
- Navigate to Azure AD > App Registration > Your_frontend_app > API Permissions > Add a permission > My APIs > Select your_backend_api > Application Permissions > select the checkbox for Files.read permission > Add permission.
- Once the permission is added, click on Grant Admin Consent.
- Request an access token with <your_app_id_uri>/.default scope rather than <your_app_id_uri>/files.read.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
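The token request and the matching backend check for the steps above, as an added example that is not part of the original answer. The tenant, client ID, secret and `api://backend-example` URI are constructed placeholders, the helper names are hypothetical, and the claims are assumed to come from a token whose signature, issuer and expiry were already validated.

```python
from urllib.parse import urlencode

# Microsoft identity platform v2.0 token endpoint.
TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant, client_id, client_secret, app_id_uri):
    """Return (url, form_body) for a client-credentials token request."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # App-only tokens are requested with the API's /.default scope;
        # the consented app roles come back in the "roles" claim.
        "scope": app_id_uri.rstrip("/") + "/.default",
    }
    return TOKEN_URL.format(tenant=tenant), urlencode(form)


def granted_permissions(claims):
    """Classify validated claims as delegated (scp) or application (roles)."""
    scopes = (claims.get("scp") or "").split()
    if scopes:
        # A user is present: permissions are delegated scopes.
        return "delegated", set(scopes)
    return "application", set(claims.get("roles") or [])


def authorize_app_only(claims, required_role, expected_audience):
    """Backend check: accept only app-only tokens carrying the app role."""
    if claims.get("aud") != expected_audience:
        return False
    kind, perms = granted_permissions(claims)
    return kind == "application" and required_role in perms


# Constructed sample claims (not real tokens).
AUD = "api://backend-example"
APP_TOKEN = {"aud": AUD, "roles": ["Files.Read"]}
DELEGATED_TOKEN = {"aud": AUD, "scp": "Files.Read"}
NO_ROLE_TOKEN = {"aud": AUD}  # app role missing or admin consent not granted

if __name__ == "__main__":
    url, body = build_token_request("contoso-example", "client-id-placeholder",
                                    "secret-placeholder", AUD)
    print(url)
    print(body)
    for name, c in [("app", APP_TOKEN), ("delegated", DELEGATED_TOKEN),
                    ("no role", NO_ROLE_TOKEN)]:
        print(name, authorize_app_only(c, "Files.Read", AUD))
```

A token that arrives without a `roles` claim is the symptom to look for when the app role or the admin consent step is missing.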