Hi,
We are seeing this error with a few users unable to authorize the Swagger application while some users are. Following is the error message, but there is no documentation on this -
auth error{"error":"invalid_request","error_description":"AADSTS65006:+Resource+'3c6cf4b3-d58c-4937-a1b8-asdawdd222'+had+no+entitlements+matching+required+permissions+configured+on+the+required+resource+access+for+client+'51f66311-04a8-44e3-a312-3adawd222'.+Requested+permission+IDs:+'Microsoft.AzureAD.Sts.ConsentQuery+PermissionWithType'.+This+is+a+problem+with+one+or+more+invalid+permission+ids+on+the+client+RRA+configuration+or+the+resource+entitlement+configuration.\r\nTrace+ID:+3a776fcd-f35f-44ec-831e-21d369ea5f01\r\nCorrelation+ID:+ee7b8abd-80c8-49ef-aaf4-2150b341fef6\r\nTimestamp:+2019-06-10+12:47:18Z","state":"TW9uIEp1biAxMCAyMDE5IDE4OjE3OjEzIEdNVCswNTMwIChJbmRpYSBTdGFuZGFyZCBUaW1lKQ=="}
Any idea how to resolve the issue?
Thanks,
Pranav
@blueelvis Thanks for your feedback! We will investigate and update as appropriate.
@blueelvis Please open an Azure Support Ticket so that an Identity Support engineer can check further on this issue. In case you have limitations in your support plan to open a support ticket, please let me know.
@saurabhsensharma - This issue got fixed automatically so not sure if a support ticket is indeed required now. We reset the permissions and applied them again and it started working magically.
Still, it would be best to add documentation about this.
@blueelvis Glad to hear that it is resolved. Thanks for the feedback! I have assigned this issue to the content author to investigate and update the document as appropriate.
@rwike77 Can you please add details around this error to the documentation.
I'm receiving this error as well. I set up RBAC for an AKS cluster using Terraform and this was the message I got:
AADSTS65006: Resource '90837b9f-0797-4eaf-86e8-f8dd9bdb3acd' had no entitlements
matching required permissions configured on the required resource access for client '4d02c6d4-bcb7-4f30-820b-30d2136c70fe'.
Requested permission IDs: 'Microsoft.AzureAD.Sts.ConsentQuery+PermissionWithType'.
This is a problem with one or more invalid permission ids on the client RRA configuration or the resource entitlement configuration.
@blueelvis please take a look at the https://login.microsoftonline.com/error page for error information. This page has the most up to date information. You can also link directly to a specific error, for example https://login.microsoftonline.com/error?code=65006 (remove the "AADSTS" from the returned error code). I'm updating this article shortly to point people to https://login.microsoftonline.com/error. Thanks. #please-close
@rwike77 - Please reopen this issue. I get that it is the most relevant information but I also need the capability to see a complete list of errors to configure my lookups and other information systems. Is there a way to do that?
EDIT -- I just checked the error at the link you mentioned and it is saying "Code not found".
@blueelvis Did this link not work for you? https://login.microsoftonline.com/error?code=65006 When you check the error, you need to search on the error number (i.e. "65006") and NOT the full error code (AADSTS65006). I'll reopen the issue for now. I'll see if we can keep the full list of errors and somehow refresh it. Currently, this list is generated manually however. There are a lot of errors and some of them change, so it's difficult to keep the full list up to date. #reopen
@rwike77 - Thanks for the clarification!
Didn't know that full error code was not supported. It looks good. But, is there any roadmap for this endpoint?
Just FYI, the issue wasn't reopened by the bot :)
EDIT - Also, that is HTML response. Can we have a REST endpoint?
@SaurabhSharma-MSFT could you re-open this issue? I don't seem able to do that, thanks.
@rwike77 - Any chance for a REST endpoint? HTML parsing ;__;
@blueelvis, I can see why you would prefer not to do the HTML parsing :) I'm making some inquiries internally about a REST endpoint, will let you know.
Right now we're looking into centralizing and exposing error code information for several parts of AAD. That work touches on this thread, so I'll keep you updated. At this point, I can't say when/if we'll create a REST endpoint for the error code info but I'll bring it up with the engineering team in our meeting later this week.
@rwike77 - Thanks a lot! It would be really helpful to have a rest endpoint. Please let me know if any more information/testing is required from my end.
Hi @blueelvis , I talked with some other folks about adding the REST endpoint. We're concerned about people taking dependencies on specific error codes and messages in their apps, which has caused problems in the past. Adding programmatic lookup could encourage that. We're not currently planning to add a REST endpoint for looking up the error codes. Sorry, I'm sure that's not the answer you were wanting to hear. Adding @hpsin if you need clarification.
Hi @blueelvis
> configure my lookups and other information systems. Is there a way to do that?
If you plan to code against the error codes, your app will break. We change these all the time and provide only the guarantee that they will change without warning. You should only ever code against the OIDC/OAuth defined errors found in the "error" field of the error. Everything else is there as a developer facing message so that you can understand what happened to the app.
Closing this issue, now. #please-close
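The advice above, to branch only on the OAuth/OIDC `error` field and treat everything else as developer-facing text, shown as an added example that is not part of the original thread or Microsoft's code. The `ACTIONS` mapping, its action names and `handle_auth_error` are assumptions, and the sample response is constructed with placeholder GUIDs.

```python
import json
import re
from urllib.parse import unquote_plus

# Hypothetical app actions, keyed only on standard OAuth 2.0 / OIDC "error" values.
ACTIONS = {
    "invalid_request": "fail",
    "access_denied": "fail",
    "invalid_grant": "reauthenticate",
    "login_required": "reauthenticate",
    "interaction_required": "reauthenticate",
    "consent_required": "reauthenticate",
    "server_error": "retry",
    "temporarily_unavailable": "retry",
}

def handle_auth_error(body: str) -> dict:
    """Choose an action from "error"; keep everything else for logs only."""
    payload = json.loads(body)
    error = payload.get("error", "")
    # The description arrives form-encoded ('+' for spaces), as in the thread.
    desc = unquote_plus(payload.get("error_description", ""))
    diag = {}
    code = re.search(r"\bAADSTS(\d+)", desc)
    if code:
        diag["sts_code"] = code.group(1)
        # Lookup page from the thread; it takes the number without "AADSTS".
        diag["lookup"] = "https://login.microsoftonline.com/error?code=" + code.group(1)
    for key, label in (("trace_id", "Trace ID"), ("correlation_id", "Correlation ID")):
        found = re.search(label + r":\s*([0-9a-fA-F-]{36})", desc)
        if found:
            diag[key] = found.group(1)
    # Unknown or missing "error" values fail closed; the AADSTS code is never consulted.
    return {"action": ACTIONS.get(error, "fail"), "error": error, "diagnostics": diag}

# Constructed sample shaped like the response quoted in the thread (placeholder GUIDs).
SAMPLE = json.dumps({
    "error": "invalid_request",
    "error_description": (
        "AADSTS65006:+Resource+'00000000-0000-0000-0000-000000000001'+had+no+entitlements."
        "\r\nTrace+ID:+11111111-1111-1111-1111-111111111111"
        "\r\nCorrelation+ID:+22222222-2222-2222-2222-222222222222"
        "\r\nTimestamp:+2019-06-10+12:47:18Z"
    ),
})

if __name__ == "__main__":
    print(json.dumps(handle_auth_error(SAMPLE), indent=2))
```

The trace and correlation IDs extracted here are the values a support engineer asks for, so they belong in logs rather than in control flow.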