Error "invalid_grant" AADSTS65001 when trying to exchange access token

Question

I am trying to get an access token by exchanging it using this https://login.microsoftonline.com/common/oauth2/v2.0/token

These are the parameters which are valid:

And when I add another permission in the scope, like this one: Files.Read.All. It returns this message:

{
    "error": "invalid_grant",
    "error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID 'bbb71de5-d64e-4ad1-9994-40d0ff295dbb' named 'TeamsAddIn'. Send an interactive authorization request for this user and resource.\r\nTrace ID: 86abe785-dc17-4a3f-9884-ff9582c2cb00\r\nCorrelation ID: b7b8a51a-78bc-410b-861f-ebcb4bd76adc\r\nTimestamp: 2022-05-18 10:51:47Z",
    "error_codes": [
        65001
    ],
    "timestamp": "2022-05-18 10:51:47Z",
    "trace_id": "86abe785-dc17-4a3f-9884-ff9582c2cb00",
    "correlation_id": "b7b8a51a-78bc-410b-861f-ebcb4bd76adc",
    "suberror": "consent_required"
}

I have the consent granted withing the app:

And also have consented using this multiple times: https://login.microsoftonline.com/{tenant id}/adminconsent?client_id={client id}&state=12345&redirect_uri={redirect_uri}

How could I resolve this?

Answer 1

Using this url to grant access worked: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<yourClientID>&response_type=token+id_token&redirect_uri=<YourRedirectUri>&scope=user.read+openid+profile+email&response_mode=fragment&state=12345&nonce=678910