Reputation: 13
Microsoft Graph Explorer App - Permissions issue
I've encountered a problem using the graph explorer. When I try to change the permissions for something with admin consent using my GA account, I get signed out and not back in and the address bar shows the error (not the app itself) - Invalid scope
If i use a native account of that AAD and not my personal Microsoft account that i used to open the subscription and tenant then it works.
Since there is a workaround i don't mind but it is weird the app doesn't show the error and that it won't work for my personal Microsoft account.
Upvotes: 1
Views: 570
Answers (1)
Reputation: 58723
Personal MS account not working may be due to graph explorer using the common v2.0 endpoint. It means your personal account is signing in as the personal account, not as the external user in your AAD tenant.
Certain scopes do not make sense when used with personal accounts.
A potential workaround is to change the login URL from https://login.microsoftonline.com/common to https://login.microsoftonline.com/your-aad-tenant-id where your-aad-tenant-id should be replaced with the id of your AAD tenant or a verified domain in that tenant.
This will force authentication against that tenant, allowing you to use the external user of your personal MS account in that tenant.
Upvotes: 1
Related Questions
- Graph API - Insufficient privileges to complete the operation
- API Permissions - Microsoft Graph API
- Azure Active Directory appRoleAssignments "Permission being assigned was not found on application"
- API Permission Status not granted warning in Azure AD Application API Permission
- Azure Active directory API permissions
- Proper apps permissions from azure AD to grant access on Microsoft Graph
- Microsoft Graph API - new delegated permission removing application permissions
- Graph API Access denied error
- Not able to set Microsoft Graph permissions in Azure Active Directory App Registration
- AAD Graph API Permission Issues