Reputation: 844
I'm trying to request the following 3 scopes for oauth from the v2 Azure directory: user.read, user.readbasic.all, calendars.readwrite.
My authorization GET request is
const authorizeUrl = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize?'
  + '&client_id=myclientid'
  + '&response_type=code'
  + '&redirect_uri=myredirecturl'
  + '&response_mode=query'
  + '&scope=user.read%20user.readbasic.all%20calendars.readwrite'
  + '&prompt=consent';
Notice I've ruled out having changed consent type since the last authorization was made.
I successfully get a code, and exchange that for a token:
const axios = require('axios');
const querystring = require('querystring');

// Exchange the authorization code for a token. The body is built with
// querystring.stringify() using a custom encoder for the parameter values.
axios.post(
  'https://login.microsoftonline.com/common/oauth2/v2.0/token',
  querystring.stringify(
    {
      client_id: my_client_id,
      client_secret: my_app_secret,
      grant_type: 'authorization_code',
      code,
      scope: 'user.readbasic.all user.read calendars.readwrite',
      redirect_uri: my_redirect_url
    },
    null,
    null,
    { encodeURIComponent: s => encodeURI(s) }
  )
);
user.readbasic.all on login, User.ReadBasic.All in the response for the scope of the token I'm rewarded.
Update
I believe I'm narrowing down the problem to changing scopes or tenant type. Although I have prompt=consent as a param, I am not getting the user.readbasic.all scope on my personal account. When I send the authorization link to others in organization tenants, they get the full list of permissions. Why are there two different permission pages for different users? Two screenshots:
Upvotes: 1
Views: 1469
Reputation: 33094
The stringify() method is converting your object into application/json. This is incorrect, it should be application/x-www-form-urlencoded.
For details on how to do this with Axios, see this GitHub Issue.
Also, personal accounts (MSAs) can't "Read all users' basic profiles". As a "personal" account, there is only one user associated.
Upvotes: 1
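The following is an added example and is not code from the question or the answer. It covers both points raised on this page: the token request body is built with URLSearchParams, whose serialization is application/x-www-form-urlencoded (and which axios sends with that Content-Type when given the object directly), and the scope field of the token response is compared, case-insensitively, against the scopes that were requested, so a client can detect when an account type such as a personal MSA was not granted everything it asked for. The client id, redirect URI, state value and the sample token response are constructed placeholders, and the added state parameter is a standard OAuth measure for binding the callback to the session, not something from the original post.

```javascript
// Added example: not from the question or answer. CLIENT_ID, REDIRECT_URI,
// the state value and SAMPLE_MSA_TOKEN_RESPONSE are constructed placeholders.

const AUTHORITY = 'https://login.microsoftonline.com/common/oauth2/v2.0';
const REQUESTED_SCOPES = ['user.read', 'user.readbasic.all', 'calendars.readwrite'];

// Authorization request. URLSearchParams percent-encodes the values and writes
// the space in the scope list as '+', which form/query decoding turns back
// into a space.
function buildAuthorizeUrl(clientId, redirectUri, scopes, state) {
  const params = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    redirect_uri: redirectUri,
    response_mode: 'query',
    scope: scopes.join(' '),
    prompt: 'consent',
    state, // opaque per-session value, echoed back on the redirect
  });
  return `${AUTHORITY}/authorize?${params.toString()}`;
}

// Token request body. Passing this object to axios.post() yields a body of the
// form key=value&key=value with Content-Type application/x-www-form-urlencoded.
function buildTokenRequestBody(clientId, clientSecret, code, redirectUri, scopes) {
  return new URLSearchParams({
    client_id: clientId,
    client_secret: clientSecret,
    grant_type: 'authorization_code',
    code,
    redirect_uri: redirectUri,
    scope: scopes.join(' '),
  });
}

// The "scope" field of the token response is space-separated and uses the
// canonical casing (User.ReadBasic.All), so the comparison ignores case.
// Returns the requested scopes that were not granted.
function missingScopes(requested, grantedScopeField) {
  const granted = new Set(
    grantedScopeField.split(/\s+/).filter(Boolean).map(s => s.toLowerCase())
  );
  return requested.filter(s => !granted.has(s.toLowerCase()));
}

// Constructed sample of a token response for a personal (MSA) account, where
// the all-users scope is absent.
const SAMPLE_MSA_TOKEN_RESPONSE = {
  token_type: 'Bearer',
  scope: 'User.Read Calendars.ReadWrite',
  expires_in: 3599,
  access_token: '<redacted>',
};

// Usage
const demoUrl = buildAuthorizeUrl(
  'myclientid', 'https://example.invalid/cb', REQUESTED_SCOPES, 'opaque-state'
);
console.log(demoUrl);
console.log(buildTokenRequestBody(
  'myclientid', 'myappsecret', 'authcode', 'https://example.invalid/cb', REQUESTED_SCOPES
).toString());
console.log('not granted:', missingScopes(REQUESTED_SCOPES, SAMPLE_MSA_TOKEN_RESPONSE.scope));
```

Checking the returned scope field before using the token turns the silent mismatch described in the question into an explicit condition the client can log or surface to the user.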