M123

Reputation: 1253

How to grant the client application access to the requested scope in Microsoft Azure

I'm getting this error

com.microsoft.aad.msal4j.MsalInteractionRequiredException:
AADSTS70000: The request was denied because one or more scopes requested are unauthorized or expired. The user must first sign in and grant the client application access to the requested scope.

Trace ID: add5eedb-86d5-41bc-bad3-129298e3ca00
Correlation ID: 1d2ab508-8ec6-49d7-abaa-d1b8feaedda8

I registered the app with "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)" in my Azure account.

API permission:

Delegated:

Application:

I gave the required permission and scope (Expose an API) in the Azure portal, but I'm still getting this error. I have tried to solve this error for more than a day and I don't understand what I am doing wrong.

The calendar permission was not asked for when the user logged in.

I have used the msal4j version 1.6.1 dependency.


How can I solve this error?

Upvotes: 2

Views: 3657

Answers (1)

M123

Reputation: 1253

I have solved this problem by adding the Calendars.ReadWrite scope in AuthorizationRequestUrlParameters.

In the string updatedScopes below, I had passed null, so it was considered the default Microsoft scope and the calendar permission was not asked for.

// Fall back to the calendar scope when no scope was passed in
String updatedScopes = scope == null ? "Calendars.ReadWrite" : scope;

PublicClientApplication pca = PublicClientApplication.builder(clientId).authority(authority).build();
AuthorizationRequestUrlParameters parameters = AuthorizationRequestUrlParameters
        .builder(redirectURL, Collections.singleton(updatedScopes))
        .responseMode(ResponseMode.QUERY)
        .prompt(Prompt.SELECT_ACCOUNT).state(state).nonce(nonce)
        .claimsChallenge(claims).build();

Upvotes: 2
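
The failure described in this answer, an authorization request that carries only default scopes so the user is never asked to consent to Calendars.ReadWrite, can be caught before redirecting the user by inspecting the generated authorization URL. The following is an added example, not part of the original answer or of msal4j; ScopeCheck, its methods and the sample URLs are assumptions constructed for illustration, and it uses only the JDK (Java 10 or later).

```java
import java.net.URI;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;

// Added example: ScopeCheck and its methods are hypothetical names, not part of msal4j.
public class ScopeCheck {

    // Scopes sent in the "scope" query parameter of an authorization request URL.
    static Set<String> requestedScopes(String authorizeUrl) {
        Set<String> scopes = new LinkedHashSet<>();
        String query = URI.create(authorizeUrl).getRawQuery();
        if (query == null) return scopes;
        for (String pair : query.split("&")) {
            int eq = pair.indexOf('=');
            if (eq < 0 || !pair.substring(0, eq).equals("scope")) continue;
            // URLDecoder also turns '+' into a space, the form-encoded scope separator.
            String value = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            for (String s : value.trim().split("\\s+")) {
                if (!s.isEmpty()) scopes.add(s);
            }
        }
        return scopes;
    }

    // Required scopes that the URL does not ask for (exact, case-sensitive match).
    static Set<String> missingScopes(String authorizeUrl, Set<String> required) {
        Set<String> missing = new LinkedHashSet<>(required);
        missing.removeAll(requestedScopes(authorizeUrl));
        return missing;
    }

    public static void main(String[] args) {
        // Constructed sample URLs; client_id and redirect_uri are placeholders.
        String base = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
                + "?client_id=CLIENT_ID_PLACEHOLDER&response_type=code"
                + "&redirect_uri=https%3A%2F%2Fapp.example%2Fredirect&scope=";
        String defaultsOnly = base + "openid+profile+offline_access";
        String withCalendar = base + "openid%20profile%20offline_access%20Calendars.ReadWrite";
        Set<String> required = Set.of("Calendars.ReadWrite");
        for (String url : List.of(defaultsOnly, withCalendar)) {
            Set<String> missing = missingScopes(url, required);
            System.out.println(missing.isEmpty() ? "ok: request asks for " + required
                    : "missing from authorization request: " + missing);
        }
    }
}
```

Running the check against the URL the application is about to redirect to turns a missing scope into an immediate, local failure instead of an AADSTS70000 error at token time.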
