filip

Reputation: 1503

OAuth2 with Azure Active Directory without specifying the resource

I'm trying to obtain an auth token using the following tutorial: https://learn.microsoft.com/en-us/azure/active-directory/active-directory-protocols-oauth-code

The important thing is that I'm not providing the "Resource" parameter. According to the documentation it's optional.

I am able to obtain the Authorization Code, but when I try to use it to get the Access Token I'm getting:

AADSTS50001: Resource identifier is not provided

According to the documentation, the Resource param should only be required if it was specified in the request for the Auth Code. With the Resource param it works fine, but I need to implement it without it.

Upvotes: 2

Views: 5169

Answers (2)

jhougen

Reputation: 21

Make sure you have registered the application redirect URI in Azure AD. The redirect URI on the request needs to match the one registered on the identity provider.

Request: authorize?client_id=<id>&scope=<scope>&response_type=id_token token&redirect_uri=<uri>

Upvotes: 0

Fei Xue

Reputation: 14649

In the original OAuth 2.0 specification, there is no resource parameter in the authorization request. It uses the scope parameter. The authorization and token endpoints allow the client to specify the scope of the access request using the "scope" request parameter.

Based on my understanding, when Azure AD implements OAuth 2.0 (1.0 endpoint), the resource is used to specify which resource you are requesting the access_token for. Azure AD will then issue the token with the scp based on the permissions you configured on the portal for that resource.

In the v2.0 endpoint, Azure AD also uses the scope to support dynamic permission requests. For more detail, you can refer here.

Upvotes: 1
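The two request shapes discussed in this thread, as an added example that is not part of the question or of either answer: it builds the authorization-code requests for the 1.0 endpoint (`resource`) and the v2.0 endpoint (`scope`) and checks them before anything is sent. The helper names, tenant, client id, redirect URI and API identifier are constructed placeholders.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORITY = "https://login.microsoftonline.com"

def endpoints(tenant, version):
    """(authorize, token) URLs for the v1.0 ("v1") or v2.0 ("v2") endpoint."""
    base = f"{AUTHORITY}/{tenant}/oauth2" + ("/v2.0" if version == "v2" else "")
    return base + "/authorize", base + "/token"

def _target(version, target):
    # v1.0 names the API with `resource`; v2.0 expresses it through `scope`.
    if target is None:
        return {}
    return {"scope" if version == "v2" else "resource": target}

def authorize_url(tenant, version, client_id, redirect_uri, state, target=None):
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "state": state}
    params.update(_target(version, target))
    return endpoints(tenant, version)[0] + "?" + urlencode(params)

def token_body(version, client_id, code, redirect_uri, target=None):
    body = {"grant_type": "authorization_code", "client_id": client_id,
            "code": code, "redirect_uri": redirect_uri}
    body.update(_target(version, target))
    return body

def preflight(version, auth_url, body, registered_redirects):
    """List problems in a code-flow request pair before anything is sent."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(auth_url).query).items()}
    problems = []
    if version == "v1" and "resource" not in body:
        problems.append("token: resource missing (AADSTS50001 in the question)")
    if version == "v2" and "scope" not in q:
        problems.append("authorize: scope missing")
    if q.get("redirect_uri") not in registered_redirects:
        problems.append("authorize: redirect_uri is not registered")
    if body.get("redirect_uri") != q.get("redirect_uri"):
        problems.append("token: redirect_uri differs from the authorize request")
    return problems

if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    cb, cid = "https://app.example/callback", "00000000-0000-0000-0000-000000000000"
    url = authorize_url("contoso.example", "v1", cid, cb, "s1")
    print(preflight("v1", url, token_body("v1", cid, "CODE", cb), {cb}))
    url = authorize_url("contoso.example", "v2", cid, cb, "s2", "https://api.example/read")
    print(preflight("v2", url, token_body("v2", cid, "CODE", cb), {cb}))
```

The v1 check reflects the behaviour reported in the question; the redirect URI checks reflect the first answer and the OAuth 2.0 rule that the token request repeats the redirect URI used in the authorization request.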
