Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

microsoft/auth-callback Scope warning during POST.

See original GitHub issue

Django Microsoft Authentication Backend version: 1.3.0 Python version: 3.7 Django Version: 2.1.7 Operating System: Windows 10 Enterprise Google Chrome Version 72.0.3626.121 Chrome Extensions:

  • Ublock Origin
  • Laspass
  • Todoist


I’ve gone through the setup detailed in your documentation and am able to go through all of the authentication steps up until what I think is the hand-off from Microsoft to the admin panel.

What I Did

Setup Project Initialization

django-admin startproject my_project
cd my_project
Sites Configuration

Modified my_project/my_project/ Added ‘django.contrib.sites’ to INSTALLED_APPS

python migrate
python createsuperuser
python runserver

I then navigated to localhost:8000/admin/ to log in with my newly created user and updated the domain from to localhost:8000

Microsoft App Configuration in Azure AD

Created an application in Azure AD Added Reply-URLs

Create Secret Key in Azure AD Configure Django for Azure AD APP

Modified my_project/my_project/ Added ‘microsoft_auth’ to INSTALLED_APPS Added ‘’, to TEMPLATES[‘OPTIONS’][‘context_processors’] Updated MICROSOFT_AUTH_CLIENT_ID to match Application ID in Azure AD Updated MICROSOFT_AUTH_CLIENT_SECRET to match created Secret key in Azure AD Updated MICROSOFT_AUTH_LOGIN_TYPE = ‘ma’ for Azure AD

Modified my_project/my_project/ Added path(‘microsoft/’, include(‘microsoft_auth.urls’, namespace=‘microsoft’)), to urlpatterns


python migrate
python runserver

The Exception

After authentication on through microsoft, I recieve the following Warning from Django:

Warning at /microsoft/auth-callback/ Scope has changed from “User.Read” to “User.Read email profile openid”.

Key Value
Request Method POST
Request http://localhost:8000/microsoft/auth-callback/
Django Version 2.1.7
Exception Type Warning
Exception Value Scope has changed from “User.Read” to “User.Read email profile openid”.
Exception Location C:\ProgramData\Anaconda3\lib\site-packages\oauthlib\oauth2\rfc6749\ in validate_token_parameters, line 455

After searching on the web for a bit I found that for some, updating the scope from “User.Read” to “User.Read profile email openid”, but I don’t think that is something currently modifiable in this project.

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Comments:8 (4 by maintainers)

github_iconTop GitHub Comments

AngellusMortiscommented, Mar 19, 2019

No, it is an environment variable.

$ python runserver

If you are just starting developing something, I would highly recommend using the openid branch. It should be functional, I just need to update and fix all of the tests. There are breaking changes in that branch since the data that comes back from Microsoft is completely different with the new scopes.

AngellusMortiscommented, Mar 19, 2019

Yeah the setup is still the same. The main change is what scopes I use to pass to Microsoft and how the MicrosoftClient class is configured, which are all pretty low level changes. The tests blow up really badly right now, though I think I just fixed those. Just got to write new tests for the new code.

I am going to keep the issue open though until I get the 2.0 version out with the openid branch changes. Mostly for visibility for anyone else that has the issue.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Resolve Microsoft Graph authorization errors
Generally, this error indicates that the user is not privileged enough to perform the request or the user is not licensed for the...
Read more >
Microsoft identity platform and OAuth 2.0 authorization ...
This error usually occurs when the client application isn't registered in Azure AD or isn't added to the user's Azure AD tenant. The...
Read more >
Office.AuthOptions interface - Office Add-ins
Provides options for the user experience when Office obtains an access token to the add-in from AAD v. 2.0 with the getAccessToken method....
Read more >
Unexpected error when performing consent to an application
This article discusses errors that can occur during the process of consenting to an application. If you are troubleshooting unexpected consent ...
Read more >
Redirect URI (reply URL) restrictions and limitations
Redirect URIs in application vs. service principal objects · Always add redirect URIs to the application object only. · Do not add redirect...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found