Microsoft-authentication-library-for-js: 'user.read' scope

Created on 2 Mar 2020 · 4 Comments · Source: AzureAD/microsoft-authentication-library-for-js

Library

Description

I am new to both AD B2C and MSAL. I'm trying to follow this tutorial: https://github.com/Azure-Samples/active-directory-b2c-javascript-msal-singlepageapp. I seem to have auth configured correctly, but I get an error: "The scope 'User.Read' provided in the request is not supported." Can someone point me to what I may be doing incorrectly? Thanks for your time!

question

All 4 comments

Do I somehow have to create that scope through the Azure portal?

@00vareladavid You need to enable that scope for your application in the Portal (under the "API Permissions" blade).

Hi @00vareladavid,

the sample you mention is calling a web API that has only the scope .../demo.read, so that will have to be the scope used when requesting an access token. For instance,

    const tokenRequest = {
        scopes: ["https://fabrikamb2c.onmicrosoft.com/helloapi/demo.read"]
    };

When requesting an ID token, the scopes you pass to the loginRequest object are used. There, the scope openid is crucial to get the ID token, whereas the other scopes are what the user pre-consents to (so that they can get an access token silently for these scopes). Since the sample is calling a custom web API, user.read is not defined for it (it's a scope for the Microsoft Graph API), since, as I said, that web API has only the scope .../demo.read.

For that sample, your loginRequest object should look like this:

    const loginRequest = {
        scopes: ["openid", "profile"]
    };

Thank you for the quick replies.

Your advice helped me pinpoint my problem. I had this line:

    const scopes = ["openid", "profile", "User.Read"]

Changing it to the following solved my problem:

    const scopes = ["openid", "profile"]
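
A preflight check for the scope mix-up resolved in this thread, as an added example that is not part of the thread or of MSAL.js: it sorts a scopes array into OpenID Connect scopes, scopes the target web API exposes, and scopes that API does not define (such as User.Read). The names checkScopes and splitScope, the `exposed` parameter and the set of OpenID Connect scopes are assumptions.

```javascript
// Added example: preflight check for a scopes array before it reaches MSAL.js.
// checkScopes, splitScope and `exposed` are hypothetical names, not MSAL.js API.

// Scopes defined by OpenID Connect itself, not by any resource (assumed set).
const OIDC_SCOPES = new Set(["openid", "profile", "offline_access"]);

// Split "https://tenant/api/scope.name" into its resource and scope name.
function splitScope(scope) {
  const i = scope.lastIndexOf("/");
  return { resource: scope.slice(0, i), name: scope.slice(i + 1) };
}

// scopes:  the array passed in loginRequest or tokenRequest
// exposed: fully qualified scopes the target web API exposes to this app
function checkScopes(scopes, exposed) {
  const allowed = new Set(exposed);
  const result = { oidc: [], byResource: {}, unsupported: [] };

  for (const scope of scopes) {
    if (OIDC_SCOPES.has(scope)) {
      result.oidc.push(scope);
    } else if (allowed.has(scope)) {
      const { resource, name } = splitScope(scope);
      if (!result.byResource[resource]) result.byResource[resource] = [];
      result.byResource[resource].push(name);
    } else {
      // e.g. "User.Read": a Microsoft Graph scope, not defined on the custom API
      result.unsupported.push(scope);
    }
  }
  // One access token targets one resource, so more than one is also flagged.
  result.ok = result.unsupported.length === 0 &&
              Object.keys(result.byResource).length <= 1;
  return result;
}

// Constructed sample input, using the scope values quoted in the thread.
const EXPOSED = ["https://fabrikamb2c.onmicrosoft.com/helloapi/demo.read"];
const before = checkScopes(["openid", "profile", "User.Read"], EXPOSED);
const after = checkScopes(["openid", "profile"], EXPOSED);
console.log(before.unsupported, before.ok, after.ok);
```

Running the check in a unit test or at startup surfaces a scope the API does not define before the identity provider rejects the request at sign-in.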