Sometime during the Broker work, group memberships appear to have stopped working.
Part of the issue is that we are requesting the wrong resource, but after fixing this, there is still an error during the membership request:
ERROR 🚨 [error]: Error encountered while fetching user groups: {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2024-05-16T21:39:25","request-id":"eaaf6ba4-59f5-4871-9d79-285e48fc4486","client-request-id":"eaaf6ba4-59f5-4871-9d79-285e48fc4486"}}}
When I inspect the access token used to make the request, the problem is obvious:
The requested scope was not assigned! Looking at Dirk-jan Mollema implementation, he never supplies a scope in the way that I have in the prt exchange request. It looks like I've done something wrong here in MSAL. The question is, if that's the wrong place to request the scope, where is the correct place (there doesn't seem to be one)???
Sometime during the Broker work, group memberships appear to have stopped working. Part of the issue is that we are requesting the wrong resource, but after fixing this, there is still an error during the membership request: ERROR 🚨 [error]: Error encountered while fetching user groups: {"error":{"code":"Authorization_RequestDenied","message":"Insufficient privileges to complete the operation.","innerError":{"date":"2024-05-16T21:39:25","request-id":"eaaf6ba4-59f5-4871-9d79-285e48fc4486","client-request-id":"eaaf6ba4-59f5-4871-9d79-285e48fc4486"}}}
When I inspect the access token used to make the request, the problem is obvious:
The requested scope was not assigned! Looking at Dirk-jan Mollema implementation, he never supplies a scope in the way that I have in the prt exchange request. It looks like I've done something wrong here in MSAL. The question is, if that's the wrong place to request the scope, where is the correct place (there doesn't seem to be one)???