Which scope to use to get the access token for Microsoft credential

I'm trying to do a Postman access token request to reach the following API:

however the result returned is always the same:

 "error": { "code": "Unauthorized", "message": "Unauthorized", "target": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" }

POST: https://login.microsoftonline.com/%7Btenant-id%7D/oauth2/v2.0/token

Body:

client_id: my client id
scope: https://graph.microsoft.com/.default
client_secret: my client secret
grant_type: client_credentials

Header:

Content-Type: x-www-form-urlencoded

The response returns me a token that is apparently not recognized by the first request...

I've tried several scopes such as: /.default, user.read openid profile offline_access, https://graph.microsoft.com/.default...
Even though they all return me a token, none of them seems to work.
I've also added the right to WindowsDefenderATP > Vulnerability.read, from the Azure portal.

Is the problem the scope? What scope should I use if I have a client credential grant type?

You can follow this page in the documentation.

You need an application permission since you are making the request with only application credentials. In this case I think you need the Vulnerability.Read.All permission. Don't forget to grant admin consent after adding the required permission.

Here is the scope you should use:

https://api.securitycenter.microsoft.com/.default
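To confirm which API a token was actually issued for, decode its payload and compare the `aud` and `roles` claims with the scope and permission named above. This is an added example, not part of the original question or answer; it assumes `aud` carries the resource URI and that application permissions appear in `roles`, and the sample tokens are constructed and unsigned.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_token(token, scope, required_role):
    """Return a list of mismatches between the token and the API it is sent to."""
    suffix = "/.default"
    resource = scope[:-len(suffix)] if scope.endswith(suffix) else scope
    claims = jwt_claims(token)
    problems = []
    # Assumption: 'aud' holds the resource URI the token was requested for.
    aud = str(claims.get("aud", "")).rstrip("/")
    if aud != resource.rstrip("/"):
        problems.append("aud is %r, expected %r" % (aud, resource))
    # Application permissions granted with admin consent show up in 'roles'.
    if required_role not in claims.get("roles", []):
        problems.append("roles claim lacks %r" % required_role)
    return problems


def make_sample_token(aud, roles):
    """Build an unsigned, constructed token so the example runs offline."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud, "roles": roles}), "sig"])


API_SCOPE = "https://api.securitycenter.microsoft.com/.default"
ROLE = "Vulnerability.Read.All"

if __name__ == "__main__":
    # Constructed token resembling one requested with the Graph scope.
    graph_token = make_sample_token("https://graph.microsoft.com", [])
    for line in check_token(graph_token, API_SCOPE, ROLE):
        print("mismatch:", line)
```

A token requested with the Graph scope reports both an audience mismatch and a missing role, which matches the Unauthorized response in the question.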
