AzureAD / azure-activedirectory-library-for-objc

The ADAL SDK for Objective C gives you the ability to add support for Work Accounts to your iOS and macOS applications with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
MIT License

Server returned less scopes than requested #1545

Closed AbhishekVashisth closed 4 years ago

AbhishekVashisth commented 4 years ago

Issue with the scope "offline_access": I have already granted permission but am having an issue with the error message below.

Could not acquire token: Error Domain=MSALErrorDomain Code=-50003 "(null)" UserInfo={MSALDeclinedScopesKey=( "offline_access" )

Below are the logs:

TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Get accounts.
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Looking for token with aliases (null), tenant (null), clientId (null), scopes (null)
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Found 1 tokens
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Found the following accounts in default accessor: MaskedArray(count=1)
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: -25300
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Found the following accounts in other accessors: MaskedArray(count=1)
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Returning account for parameters with environment login.windows.net, identifier e9fe3977, username auth.placeholder-96cabb59@hotmail.com
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Querying MSAL accounts with parameters (identifier=Masked(null), tenantProfileId=Masked(null), username=Masked(null), return only signed in accounts 1)
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Get accounts.
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) Looking for token with aliases (null), tenant (null), clientId bc00aef7-8cc6-4e1d-a6db-a3baf4f44b1f, scopes (null)
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) No accounts found in default accessor.
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Keychain find status: -25300
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] (Default accessor) No accounts found in other accessors.
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Found MSAL accounts with count 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Found MSAL account with current account Masked(null), previous account auth.placeholder-96cabb59@hotmail.com
Account signed out. Updating UX
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Requiring default broker type due to app being built with iOS 13 SDK
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] -[MSALPublicClientApplication acquireTokenWithParameters:( "User.Read calendars.read calendars.readwrite offline_access" ) extraScopesToConsent:(null) account:Masked(null) loginHint:Masked(null) promptType:MSALPromptTypeSelectAccount extraQueryParameters:(null) authority:(null) webviewType:MSALWebviewTypeDefault customWebview:No correlationId:(null) capabilities:(null) claimsRequest:(null)]
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Checking broker install state for version V2-broker-nonce
2020-07-18 17:48:27.134496+0530 MSALiOS[7328:233428] -canOpenURL: failed for URL: "msauthv2://broker" - error: "The operation couldn’t be completed. (OSStatus error -10814.)"
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Scheme msauthv2 for broker not present
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Beginning interactive flow.
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Resolving authority: Masked(not-null), upn: Masked(null)
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] No cached preferred_network for authority
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Caching AAD Environements
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] networkHost: login.microsoftonline.com, cacheHost: login.windows.net, aliases: login.microsoftonline.com, login.windows.net, login.microsoft.com, sts.windows.net
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] networkHost: login.partner.microsoftonline.cn, cacheHost: login.partner.microsoftonline.cn, aliases: login.partner.microsoftonline.cn, login.chinacloudapi.cn
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] networkHost: login.microsoftonline.de, cacheHost: login.microsoftonline.de, aliases: login.microsoftonline.de
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] networkHost: login.microsoftonline.us, cacheHost: login.microsoftonline.us, aliases: login.microsoftonline.us, login.usgovcloudapi.net
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] networkHost: login-us.microsoftonline.com, cacheHost: login-us.microsoftonline.com, aliases: login-us.microsoftonline.com
TID=233604 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Resolved authority, validated: YES, error: 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:18:27] Start background app task with type 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:26] Stop background task with type 0
TID=233428 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:26 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Enrollment id read from intune cache : (null).
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28] Failed to init id token claims in MSIDAADV2TokenResponse, error: Masked(null)
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Validate and save token response...
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28] Enrollment id read from intune cache : (null).
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Keychain find status: 0
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Saving token response, only save SSO state 0
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] (Default accessor) Saving multi resource refresh token
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28] Enrollment id read from intune cache : (null).
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] (Default cache) Removing credentials with type AccessToken, environment login.windows.net, realm 9188040d-6c67-4c5b-b112-36a304b66dad, clientID bc00aef7-8cc6-4e1d-a6db-a3baf4f44b1f, unique user ID Masked(not-null), target User.Read Calendars.Read Calendars.ReadWrite openid profile
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Keychain find status: -25300
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Saving keychain item, item info Masked(not-null)
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Saving keychain item, item info Masked(not-null)
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Saving keychain item, item info Masked(not-null)
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Keychain find status: 0
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Saving keychain item, item info Masked(not-null)
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] Server returned less scopes than requested, granted scopes: {( "User.Read", "Calendars.Read", "Calendars.ReadWrite", openid, profile )}
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] Removing reserved scopes from granted scopes: {( openid, profile, "offline_access" )}
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] Final granted scopes: {( "User.Read", "Calendars.Read", "Calendars.ReadWrite", openid, profile )}
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] Interactive flow finished. Result (null), error: -51415 error domain: MSIDOAuthErrorDomain
TID=234118 MSAL 1.1.5 iOS Sim 13.3 [2020-07-18 12:19:28 - 315FD56D-EBD7-4E44-9405-DC8B391D2CD8] [MSAL] acquireToken returning with error: (MSALErrorDomain, -50003) Masked(not-null)
Could not acquire token: Error Domain=MSALErrorDomain Code=-50003 "(null)" UserInfo={MSALDeclinedScopesKey=( "offline_access" ), MSALGrantedScopesKey=( "User.Read", "Calendars.Read", "Calendars.ReadWrite" ), MSALErrorDescriptionKey=Server returned less scopes than requested, MSALCorrelationIDKey=315FD56D-EBD7-4E44-9405-DC8B391D2CD8, MSALInvalidResultKey=<MSALResult: 0x600001bf9aa0>}

jasoncoolmax commented 4 years ago

Let me take a look.

AbhishekVashisth commented 4 years ago

Hi Jason

Thank you. Did you get a chance to look into it?

jasoncoolmax commented 4 years ago

Hi @AbhishekVashisth, "offline_access" is a reserved scope. MSAL will always send it to the server, so you don't need to set it. Could you please remove "offline_access" from the request scopes when you call MSAL?

(When a developer passes MSAL "offline_access" as part of scopes, MSAL normally will error out. I am curious how your app didn't see such an early error...)
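Added example, not part of the thread and not MSAL's own code: a small Swift sketch of the scope comparison behind the logged `MSALDeclinedScopesKey`, and of stripping reserved scopes before the request as the reply above asks. The helper names `splitScopes`, `requestableScopes` and `declinedScopes` are hypothetical; the reserved-scope list and the sample values are taken from the log in this issue, where the request carried all four scopes as one space-separated string in a single array element.

```swift
import Foundation

// Reserved scopes, as listed in the thread's log line
// "Removing reserved scopes from granted scopes".
let reservedScopes: Set<String> = ["openid", "profile", "offline_access"]

/// Splits space-separated entries into single scopes, so that a one-element
/// array like the one in the logged call is checked scope by scope.
func splitScopes(_ scopes: [String]) -> [String] {
    return scopes.flatMap { $0.split(separator: " ").map(String.init) }
}

/// Hypothetical helper: the scope list to hand to the library, with reserved
/// scopes and case-insensitive duplicates removed.
func requestableScopes(_ scopes: [String]) -> [String] {
    var seen = Set<String>()
    return splitScopes(scopes).filter { scope in
        let folded = scope.lowercased()
        guard !reservedScopes.contains(folded) else { return false }
        return seen.insert(folded).inserted
    }
}

/// Scopes that were requested but are absent from the grant. The comparison is
/// case-insensitive: the log requests "calendars.read" and the grant lists
/// "Calendars.Read".
func declinedScopes(requested: [String], granted: [String]) -> [String] {
    let grantedFolded = Set(splitScopes(granted).map { $0.lowercased() })
    return splitScopes(requested).filter { !grantedFolded.contains($0.lowercased()) }
}

// Values copied from the log in this thread.
let requested = ["User.Read calendars.read calendars.readwrite offline_access"]
let granted = ["User.Read", "Calendars.Read", "Calendars.ReadWrite"]

// Comparison for the request exactly as it was logged.
print("declined as sent:", declinedScopes(requested: requested, granted: granted))

// Comparison after reserved scopes are stripped from the request.
let cleaned = requestableScopes(requested)
print("scopes to request:", cleaned)
print("declined after cleanup:", declinedScopes(requested: cleaned, granted: granted))
```

Running the same comparison on the granted list after every sign-in lets the app confirm it holds the permissions it is about to use, rather than assuming the full request was honoured.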

bhandaribhumin commented 4 years ago

I'm getting the same error for a different scope.

objc issue

swift issue