In some tenants where I'm testing, when I obtain a JWT using the authorization code flow the default set of permissions/scope will be different even when using the same Client and Resource combination.
Example:
Client ID: Microsoft Teams (1fec8e78-bce4-4aaf-ab1b-5451cc387264)
In some tenants I will obtain the whole set of permissions/scope defined in firstpartyscopes.json but in others they will be limited to only a few or none. I will get a JWT back nonetheless but it will be mostly useless as API calls will return 403 as the scope is limited.
I've been trying to figure out what mechanism is used to limit the scopes returned to an external app such as Microsoft Teams when accessing a specific resource but I can't figure it out.
Apologies if this isn't the right place to ask.
Any insight would be greatly appreciated.
Thank you!