When I decode the SharePoint access token for Tenant A and B, it shows as below.

For Tenant A:

    "scp": "AllSites.FullControl User.Read User.ReadBasic.All"

For Tenant B:

    "scp": ".1f7f4061-caa1-44c4-b29a-6d877e9a5211"

Are there any possible reasons for this kind of result for different tenants, where I am expecting the Tenant A result?

My token request call is similar to this:

    { "grant_type", "authorization_code" },
    { "client_id", azureConfig.ClientId },
    { "client_secret", azureConfig.ClientSecret },
    { "scope", "https://123435350365.sharepoint.com/.default" },
    { "redirect_uri", "url" },
    { "code", code }
DevÁsith

1 Answer

I tried to reproduce the same in my environment and got the scopes successfully in both tenants.

I used the below parameters for both the tenants and got the access token for SharePoint successfully:

After decoding the token, I got the scope for both tenants successfully like below:

  • Please check the scope you are giving for Tenant B and verify whether your tenant has access to the SharePoint API or not.
  • After decoding the token for Tenant B, please check whether the aud and iss claims are valid or not.
  • Please note that the value for the SharePoint Online tenant ID may vary for each tenant.
  • If you are giving permissions for Microsoft Graph, make sure to change the scope to https://graph.microsoft.com/.default.

If the issue still persists, try raising an Azure support ticket.

You can refer to the links below for some pointers to resolve the issue:

azure - SharePoint online OAuth2 token invalid_scope - Stack Overflow

How to access SharePoint Online data using Postman - REST API and Bearer token

Rukmini
  • Is there any reason that it returns an unusual value for the scope, such as "scp": ".1f7f4061-caa1-44c4-b29a-6d877e9a5211"? – DevÁsith Jun 19 '22 at 15:25
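
The claim checks suggested in the answer (aud, iss, scp), as an added example that is not part of the original posts: it decodes the token payload without verifying the signature, so it is for diagnostics only, and lists what differs from the request. The tenant name, tid and tokens are constructed; only the two scp values come from the question.

```python
import base64
import json
import re

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
SUFFIX = "/.default"

def jwt_claims(token):
    """Decode the payload segment only. No signature check: diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit(token, requested_scope, expected_scopes):
    """Return a list of findings for the aud, iss and scp claims."""
    claims = jwt_claims(token)
    findings = []
    # Assumption: aud should equal the resource URL the scope was requested for.
    resource = requested_scope
    if resource.endswith(SUFFIX):
        resource = resource[:-len(SUFFIX)]
    if str(claims.get("aud", "")).rstrip("/") != resource:
        findings.append("aud %r != requested resource %r" % (claims.get("aud"), resource))
    # Assumption: the issuer URL embeds the tenant id carried in tid.
    tid = claims.get("tid", "")
    if not tid or tid not in claims.get("iss", ""):
        findings.append("iss does not contain the token's tid")
    granted = set(claims.get("scp", "").split())
    for entry in sorted(granted):
        if GUID.search(entry):
            findings.append("scp entry %r is an identifier, not a permission name" % entry)
    missing = set(expected_scopes) - granted
    if missing:
        findings.append("missing scopes: " + " ".join(sorted(missing)))
    return findings

def make_token(claims):
    """Build an unsigned, constructed sample token for the demo below."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return "%s.%s.sig" % (enc({"alg": "none", "typ": "JWT"}), enc(claims))

# Constructed sample data (not real tokens or tenants).
SCOPE = "https://contoso.sharepoint.com/.default"
TID = "00000000-0000-0000-0000-000000000001"
BASE = {"aud": "https://contoso.sharepoint.com", "tid": TID,
        "iss": "https://sts.windows.net/%s/" % TID}
TOKEN_A = make_token(dict(BASE, scp="AllSites.FullControl User.Read User.ReadBasic.All"))
TOKEN_B = make_token(dict(BASE, scp=".1f7f4061-caa1-44c4-b29a-6d877e9a5211"))
WANT = {"AllSites.FullControl", "User.Read", "User.ReadBasic.All"}
```

Calling `audit(TOKEN_B, SCOPE, WANT)` returns one finding for the identifier-style scp entry and one listing the missing scopes, while `audit(TOKEN_A, SCOPE, WANT)` returns an empty list.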