0

I am trying to create meeting on behalf of a user for that I am trying to get the code. I have registered the app on Azure. Also generated Application(Client) ID I have also added the required permission in the API. But when I am visiting this page the page asks for the email id but once the users fill the email id it says The provided value for the input value scope is not valid for OnlineMeeting.ReadWrite in the redirect URL.

enter image description here

What am I missing here?

Edit 1

As suggested by @Rukmini I tried this and here is the relevant details.

To obtain the the code I am building url like this image:

enter image description here

This does not work when I pass the OnlineMeetings.ReadWrite scope. But when I pass https://graph.microsoft.com/.default as scope it works and I am able to authenticate and generate a code. Then I can use that code to get the access token like following image. But using this access token I can not create the meeting as it does not have the OnlineMeetings.ReadWrite scope as stated in this doc https://learn.microsoft.com/en-us/graph/api/application-post-onlinemeetings?view=graph-rest-1.0&tabs=http

enter image description here

What can I do to generate code and access token for the OnlineMeetings.ReadWrite scope so that I can create the meeting on users behalf?

Edit

I generated the authorization URL as suggested by @Rukmini using the following query parameters.

enter image description here

When I visited the link, I was presented with a login screen but as my previous error I see the same screen. Am I missing something here? Do I need to verify my app? Or do I have to only use some specific IDs like we do in GCP and AWS?

enter image description here

halfer
  • 19,824
  • 17
  • 99
  • 186
FightWithCode
  • 2,190
  • 1
  • 13
  • 24
  • 2
    Could you confirm which Grant Type you are using? and did you try using `https://graph.microsoft.com/.default` as scope? – Rukmini Jan 24 '23 at 12:10
  • @Rukmini I have updated the question description with relevant information please check it and let me know what I can do. – FightWithCode Jan 24 '23 at 17:12
  • 1
    To generate code I used this Enpoint `https://login.microsoftonline.com/TenantID/oauth2/authorize? &client_id=ClientID &response_type=code &redirect_uri=redirecturi &response_mode=query &scope=OnlineMeetings.ReadWrite &state=12345` – Rukmini Jan 24 '23 at 17:37
  • 1
    Generated access token like [**this**](https://i.imgur.com/qvrUWFM.png) and with that access token I am able to create Online meetings [**successfully**](https://i.imgur.com/MhAoHAC.png). – Rukmini Jan 24 '23 at 17:38
  • I see you are passing TenantID what should I use at this place. I have added all the params in the url but the problem still exists i get [this](http://localhost:8000/auth-redirect?error=invalid_scope&error_description=The%20provided%20value%20for%20the%20input%20parameter%20%27scope%27%20is%20not%20valid.%20The%20scope%20%27OnlineMeetings.ReadWrite) and [this](https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=client_id&response_type=code&redirect_uri=uri&response_mode=query&scope=OnlineMeetings.ReadWrite&state=12345) is my url which I am using to authenticate – FightWithCode Jan 24 '23 at 18:23
  • I am mainly having problem at the first step of getting the code on my redirect uri after the user authenticates. In my case user is not able to authenticate because of invalid scope. – FightWithCode Jan 24 '23 at 18:27

1 Answers1

1

I tried to reproduce the same in my environment and got the results successfully like below:

I created an Azure AD Multi-Tenant Application:

enter image description here

I granted Admin Consent to the API permissions like below:

enter image description here

I generated the code by using below endpoint and authorizing it via browser:

https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=OnlineMeetings.ReadWrite
&state=12345

enter image description here

Now, I generated access token by using the below parameters:

https://login.microsoftonline.com/common/oauth2/v2.0/token

client_id:ClientID
client_secret:ClientSecret
scope:OnlineMeetings.ReadWrite
grant_type:authorization_code
redirect_uri:https://jwt.ms
code:code

enter image description here

Decode the access token using jwt.ms and check whether the scope is OnlineMeetings.ReadWrite:

enter image description here

I am able to create the Online meetings successfully by using the below query:

https://graph.microsoft.com/v1.0/me/onlineMeetings
Content-Type: application/json

{
"startDateTime":"2023-01-12T14:30:34.2444915-07:00",
"endDateTime":"2023-02-12T15:00:34.2464912-07:00",
"subject":"User Token Meeting"
}

enter image description here

Rukmini
  • 6,015
  • 2
  • 4
  • 14
  • I see you are passing TenantID what should I use at this place. I have added all the params in the url but the problem still exists i get this and this is my url which I am using to authenticate – FightWithCode Feb 01 '23 at 09:13
  • No, I am using the `common` endpoint only, Please Check my answer. – Rukmini Feb 01 '23 at 10:53
  • 1
    Okay I will try with this things also. And will update you – FightWithCode Feb 01 '23 at 12:39
  • @Rukmuini please check my edit 2. I did the same thing as you did but not success could you please let me know if I am missing something. While adding the permission or while configuring the app. Do I need some specific steps to do so? – FightWithCode Feb 02 '23 at 04:25
  • Can you try generating the auth code via browser? – Rukmini Feb 02 '23 at 04:29
  • Did you include the ClientID while generating auth-code – Rukmini Feb 02 '23 at 04:30
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/251558/discussion-between-rukmini-and-fightwithcode). – Rukmini Feb 02 '23 at 04:32