Earlybyte / aad_oauth

Flutter Azure Active Directory OAuth Package
https://pub.dev/packages/aad_oauth
MIT License
93 stars 186 forks

Cannot Have Multiple Resources In the Scope Parameter #328

Open Matthew-Kanderka opened 3 months ago

Matthew-Kanderka commented 3 months ago

I am trying to get consent for multiple different resources when the user logs in.

Config used:

config = Config(
  tenant: tenant,
  clientId: clientId,
  scope:
      'https://analysis.windows.net/powerbi/api/Report.Read.All https://graph.microsoft.com/Sites.Read.All',
  redirectUri: redirectUri,
  navigatorKey: navigatorKey,
  webUseRedirect: true,
);

But when a user tries to log in, the following error is returned from the MS /token call:

AADSTS28000: Provided value for the input parameter scope is not valid because it contains more than one resource. Scope https://analysis.windows.net/powerbi/api/Report.Read.All https://graph.microsoft.com/Sites.Read.All openid profile offline_access is not valid. Trace ID: de2aa854-ac14-48f8-a9f0-5a910e931b00 Correlation ID: ae8814a9-8532-4174-9f4e-d29b318cda8f Timestamp: 2024-07-17 14:42:13Z

The description of the scope parameter in the config.dart file mentions the ability to get consent for multiple web APIs, but it seems like this is not supported.

paulhwangfti commented 2 months ago

Also running into this same issue, any resolution found?

xbignell-cp commented 2 days ago

Same problem here, no one found a solution? 😢

justoke commented 2 days ago

The scope parameter can be configured with spaces between the scopes, but it seems the URLs used are not what is expected. You don't mention what platform or directory you are using, but here is an example of a working Azure B2C app registration which exposes an API to signed-in users.

For my Azure B2C use case, I specify the scope as follows: [image]

openid is configured under the API permissions of the app registration for the API: [image]

For the Expose an API we need to define the scope: [image] [image]

[image]
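The AADSTS28000 text quoted in the issue rejects the scope string because it names more than one resource. The following is an added example, not code from the issue or from aad_oauth, that groups a scope string by resource so a multi-resource value can be detected before login. The function names are hypothetical, and two rules are assumptions: a scope's resource is the part before its last `/`, and bare names such as `User.Read` belong to Microsoft Graph.

```dart
// Added example, not aad_oauth code. Assumption: a scope's resource is the
// part before its last '/', and OIDC scopes belong to no resource.
const oidcScopes = {'openid', 'profile', 'email', 'offline_access'};

/// Groups a space-separated scope string by resource (audience).
/// Key '' holds the OIDC scopes; bare names such as `User.Read` are filed
/// under [defaultResource] (assumed here to be Microsoft Graph).
Map<String, List<String>> groupScopesByResource(
  String scope, {
  String defaultResource = 'https://graph.microsoft.com',
}) {
  final groups = <String, List<String>>{};
  for (final s in scope.split(RegExp(r'\s+')).where((s) => s.isNotEmpty)) {
    final String resource;
    if (oidcScopes.contains(s)) {
      resource = '';
    } else if (s.contains('://')) {
      resource = s.substring(0, s.lastIndexOf('/'));
    } else {
      resource = defaultResource;
    }
    groups.putIfAbsent(resource, () => []).add(s);
  }
  return groups;
}

/// Builds one scope string per resource, each naming a single resource;
/// the OIDC scopes are appended to every string.
List<String> perResourceScopes(String scope) {
  final groups = groupScopesByResource(scope);
  final oidc = groups.remove('') ?? const <String>[];
  return [for (final scopes in groups.values) [...scopes, ...oidc].join(' ')];
}

void main() {
  // The scope string from the issue, plus the OIDC scopes shown in the error.
  const requested =
      'https://analysis.windows.net/powerbi/api/Report.Read.All '
      'https://graph.microsoft.com/Sites.Read.All openid profile offline_access';
  final requests = perResourceScopes(requested);
  if (requests.length > 1) {
    print('Scope spans ${requests.length} resources (AADSTS28000 case):');
  }
  requests.forEach(print);
}
```

For the scope string in the issue this prints two single-resource scope strings, one for the Power BI API and one for Microsoft Graph.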