I am using Keycloak to authenticate users into my webapp. I have configured Microsoft IDP as an external identity provider. This setup was working until early June when it stopped working.
Keycloak is sending an authorization code grant to the Microsoft endpoint. The scopes I'm setting on the authorization request are openid profile email, to get the name and e-mail address of the user.
I am receiving an error response on the redirect URL, where the payload looks like this:
{
  "error": {
    "code": "ErrorInsufficientPermissionsInAccessToken",
    "message": "Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileAccessDeniedException' was thrown.",
    "innerError": {
      "date": "2022-07-22T18:58:51",
      "request-id": "3ae2cb3f-1f80-4987-a8f6-9fc8f83a6cf5",
      "client-request-id": "3ae2cb3f-1f80-4987-a8f6-9fc8f83a6cf5"
    }
  }
}
Does anybody know why this is happening?