Azure-Samples / ms-identity-mobile-apple-swift-objc

An iOS sample in Swift that authenticates Microsoft Account and Azure AD users and calls the Graph API using OAuth 2.0
https://aka.ms/aaddev

accessToken not generated after adding Scope #69

Closed bhandaribhumin closed 3 years ago

bhandaribhumin commented 4 years ago

let kScopes: [String] = ["user.read","Calendars.Read","Calendars.ReadWrite"]

App Permission:

[image: Screenshot 2020-08-21 at 5 17 15 PM]

Error Log:

Could not acquire token silently: Error Domain=MSALErrorDomain Code=-50003 "(null)" UserInfo={MSALDeclinedScopesKey=(
  "Calendars.Read",
  "Calendars.ReadWrite"
), MSALGrantedScopesKey=(
    "User.Read",
    email
), MSALErrorDescriptionKey=Server returned less scopes than requested

TID=101906 MSAL 1.1.3 iOS 14.0 [2020-08-21 12:21:19 - ] Server returned less scopes than requested, granted scopes: {(
    "User.Read",
    profile,
    openid,
    email
)}
TID=101906 MSAL 1.1.3 iOS 14.0 [2020-08-21 12:21:19 - ] Removing reserved scopes from granted scopes: {(
    openid,
    profile,
    "offline_access"
)}
TID=101906 MSAL 1.1.3 iOS 14.0 [2020-08-21 12:21:19 -] Final granted scopes: {(
    "User.Read",
    profile,
    openid,
    email
)}
TID=101906 MSAL 1.1.3 iOS 14.0 [2020-08-21 12:21:19 -] [MSAL] Silent flow finished. Result (null), error: -51415 error domain: MSIDOAuthErrorDomain
TID=101906 MSAL 1.1.3 iOS 14.0 [2020-08-21 12:21:19 - ] [MSAL] acquireTokenSilent returning with error: (MSALErrorDomain, -50003) Masked(not-null)

kaisong1990 commented 4 years ago

@bhandaribhumin Thanks for providing the information. Based on the error log, neither Calendars.Read nor Calendars.ReadWrite is in the final granted scopes.

Could you try to reproduce the issue and provide the correlation ID for further investigation?
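An added example, not part of the thread or of the sample's own code: one way an app can react to the -50003 error shown in the log by separating the requested scopes the server granted from those it withheld. The function and struct names are hypothetical, and the domain, code and userInfo key strings are copied from the log rather than imported from MSAL, which is an assumption made to keep the example dependency-free.

```swift
import Foundation

// Domain, code and userInfo key names as they appear in the error log above.
// Assumption: matched as plain strings so the example needs no MSAL import.
let msalErrorDomain = "MSALErrorDomain"
let serverDeclinedScopesCode = -50003
let declinedScopesKey = "MSALDeclinedScopesKey"
let grantedScopesKey = "MSALGrantedScopesKey"

// Hypothetical result type for this example.
struct DeclinedScopesOutcome {
    let retryScopes: [String]     // requested scopes the server did grant
    let declinedScopes: [String]  // requested scopes the server withheld
}

/// Returns nil when the error is not the "server returned less scopes" case.
func declinedScopesOutcome(for error: Error, requested: [String]) -> DeclinedScopesOutcome? {
    let nsError = error as NSError
    guard nsError.domain == msalErrorDomain,
          nsError.code == serverDeclinedScopesCode else {
        return nil
    }
    let granted = nsError.userInfo[grantedScopesKey] as? [String] ?? []
    let declined = nsError.userInfo[declinedScopesKey] as? [String] ?? []
    // The app asked for "user.read" and the log reports "User.Read",
    // so this example compares scope names case-insensitively.
    let grantedLower = Set(granted.map { $0.lowercased() })
    let retry = requested.filter { grantedLower.contains($0.lowercased()) }
    return DeclinedScopesOutcome(retryScopes: retry, declinedScopes: declined)
}

// Constructed error mirroring the log in this issue (not captured from MSAL).
let sampleError = NSError(domain: msalErrorDomain, code: serverDeclinedScopesCode, userInfo: [
    declinedScopesKey: ["Calendars.Read", "Calendars.ReadWrite"],
    grantedScopesKey: ["User.Read", "email"],
    "MSALErrorDescriptionKey": "Server returned less scopes than requested",
])
let kScopes = ["user.read", "Calendars.Read", "Calendars.ReadWrite"]

if let outcome = declinedScopesOutcome(for: sampleError, requested: kScopes) {
    // Retry with only the granted subset and disable the features that
    // depend on the withheld scopes, rather than re-requesting the full list.
    print("retry with:", outcome.retryScopes)
    print("withheld:", outcome.declinedScopes)
}
```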

bhandaribhumin commented 4 years ago

Yes, I was using the same client ID, I confirmed. Also see the above image for the app permissions I have already given to this app.

[image]

bhandaribhumin commented 4 years ago

@kaisong1990 Awaiting a reply; please help me with this.

bhandaribhumin commented 4 years ago

@kaisong1990 Is the policy below blocking me from calling the Graph API?

[image: thumbnail_image001]

jasoncoolmax commented 4 years ago

Did your issue go away once you uncheck the above box?

bhandaribhumin commented 4 years ago

@jasoncoolmax This is recommended from Microsoft for our organization.

aherciya commented 3 years ago

@bhandaribhumin Are you still seeing this issue?

bhandaribhumin commented 3 years ago

@aherciya Thanks for asking, but our org admin is still looking to remove this policy from Azure. Awaiting acknowledgement from the admin :)

mipetriu commented 3 years ago

Closing this issue due to lack of response. Feel free to reopen when the policy can be removed.