The following table provides an example of the parameters used in a sign-in request, which are referenced throughout the following troubleshooting steps:
70
70
@@ -75,7 +75,7 @@ The following table provides an example of the parameters used in a sign-in requ
75
75
|App-ID|`<App-ID>` portion of the sign-in request| 1f92960d-1442-4cd2-8c76-d13c5dcb30bf|
76
76
|Scope|`<Scope>` portion of the sign-in request| Openid+User.Read+Directory.Read.All|
77
77
|App-URI-ID| V1 endpoint: `<App-URI-ID>` portion of the sign-in request</br> </br>V2 endpoint: For resources other than Microsoft Graph, this will be the portion before the scope name. For example, for `https://analysis.windows.net/powerbi/api/App.Read.All`, `App.Read.All` is the scope name, so the `App-URI-ID` is `https://analysis.windows.net/powerbi/api`.|https://graph.microsoft.com|
78
-
|Prompt|`{Prompt}` portion of the sign-in request ||
78
+
|Prompt|`<Prompt>` portion of the sign-in request ||
79
79
80
80
### Step 2: Verify if you allow users to consent
81
81
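Review bot: The Prompt row changed here still ends in an empty example cell (`||`), while the App-ID, Scope and App-URI-ID rows each give a sample value. Either add the prompt value used in the example request or state in the cell that the parameter was not sent, so readers comparing against their own sign-in request know what to expect. Separately, the App-URI-ID context row uses `</br>` for line breaks; `<br>` is the valid form and could be fixed in the same pass.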
@@ -143,7 +143,7 @@ You might encounter one of the following behaviors or errors:
143
143
144
144
This error means the resource doesn't exist in your organization. To resolve this issue, use this consent URL: `https://login.microsoftonline.com/<Tenant-ID>/oauth2/authorize?response_type=code&client_id=<App-URI-ID>&prompt=admin_consent`
145
145
146
-
- Error AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: \<App-ID>({App-Display-Name}). Resource value from request: '\<App-URI-ID>'. Resource app ID:{Resource-App-Id}. List of valid resources from app registration: 00000002-0000-0000-c000-000000000000
146
+
- Error AADSTS650057: Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration. Client app ID: \<App-ID>(\<App-Display-Name>). Resource value from request: '\<App-URI-ID>'. Resource app ID:{Resource-App-ID}. List of valid resources from app registration: 00000002-0000-0000-c000-000000000000
147
147
148
148
In order for a client application to sign in and get an access token for a resource, the resource must be assigned the required API permissions that the client application requires, such as access to Azure Key Vault.
149
149
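Review bot: The placeholder cleanup on the AADSTS650057 line is incomplete: `{App-Display-Name}` became `\<App-Display-Name>`, but `{Resource-App-ID}` in the same sentence keeps its curly braces and only had its casing changed. Suggest `Resource app ID: \<Resource-App-ID>`, which also restores the missing space after the colon and leaves the whole error string on one placeholder convention.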
@@ -208,7 +208,7 @@ In most cases, certain permissions that require consent haven't been consented.
208
208
209
209
### Application registrations and enterprise applications
210
210
211
-
In Microsoft Entra, there's an application model that consists of application objects (also called "application registrations") and service principal objects (also called "enterprise applications"). How their relationship works together based on the required permissions is set on the application object. For more information, see [Application and service principal objects in Microsoft Entra ID]](/entra/identity-platform/app-objects-and-service-principals).
211
+
In Microsoft Entra, there's an application model that consists of application objects (also called "application registrations") and service principal objects (also called "enterprise applications"). How their relationship works together based on the required permissions is set on the application object. For more information, see [Application and service principal objects in Microsoft Entra ID](/entra/identity-platform/app-objects-and-service-principals).
212
212
213
213
Simply adding permissions to an application registration doesn't consent to the permissions. To consent to permissions, you must assign permissions to the service principal.
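Review bot: The link fix (removing the doubled `]]`) is correct, but the sentence just before the link on the same line, "How their relationship works together based on the required permissions is set on the application object", is still hard to parse. Since the line is being touched anyway, suggest something like "The permissions an application requires are set on the application object", which leads more clearly into the next paragraph's point that consenting means assigning permissions to the service principal.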