ADSTS28003: Provided value for the input parameter scope cannot be empty when requesting an access token using the provided authorization code
See original GitHub issueI upgraded from 0.1.3
to 0.2.2
(also tried 0.3.1-alpha
with the same result) and now I cannot login into my app anymore.
I know it has something to do with the extraScopes
.
In my code I call the following method overload of acquireToken
:
application.acquireToken(
this.bridge.getActivity(),
new String[]{apiScope},
hints.getString("login_hint", ""),
null,
extraQueryParameters,
extraScopes, // <===== if I set the extra scopes to null it works!
null,
new AuthenticationCallback() {
@Override
public void onSuccess(AuthenticationResult authenticationResult) {
makeSuccessCall(authenticationResult, call);
}
@Override
public void onError(MsalException exception) {
call.error(ErrorResultCreator.CreateMsalError(exception), exception);
}
@Override
public void onCancel() {
call.reject(ErrorResultCreator.CreateCancel());
}
});
The values of the extra scopes are :
https://graph.microsoft.com/User.Read
https://graph.microsoft.com/User.ReadBasic.All
In my app I get the screen to choose accounts, where I then select my AzureAd account and then the callback is in the onError
method and the following error occurs:
msal-error::AADSTS28003: Provided value for the input parameter scope cannot be empty when requesting an access token using the provided authorization code. Please specify a valid scope.
Trace ID: whatever
Correlation ID: whatever
Timestamp: 2019-06-12 14:18:28Z::invalid_request
com.microsoft.identity.client.exception.MsalServiceException: AADSTS28003: Provided value for the input parameter scope cannot be empty when requesting an access token using the provided authorization code. Please specify a valid scope.
Trace ID: whatever
Correlation ID: whatever
Timestamp: 2019-06-12 14:18:28Z
at com.microsoft.identity.client.internal.controllers.ExceptionAdapter.exceptionFromAcquireTokenResult(ExceptionAdapter.java:90)
at com.microsoft.identity.client.internal.controllers.MSALApiDispatcher$1.run(MSALApiDispatcher.java:108)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
at java.lang.Thread.run(Thread.java:764)
I also deed a little deep dive (debug) into your code and it looks like this is the URL which is called (if this is of any help, I slightly changed the unique ids, for privacy reasons):
https://login.microsoftonline.com/common//oAuth2/v2.0/authorize?x-client-CPU=arm64-v8a&response_type=code&x-client-Ver=0.2.1&code_challenge_method=S256&x-client-DM=ONEPLUS A5000&x-client-OS=28&x-client-SKU=MSAL.Android&client_id=my-client-id-which-is-a-guid&client-request-id=request-id-which-is-aguid&scope=openid profile offline_access api://my-api-id-which-is-a-guid/access_as_user https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.ReadBasic.All&redirect_uri=msalredirecturi-id://auth&state=YmY3OTA1ZDUtNmYxMi00NWI0LTlkOWItM2Q2MTg3NGY1MzhkLTVjYjk5OGFmmystate&prompt=select_account&code_challenge=6nqJZUGG3RcvJXbukJ5juIx3555challengecode&domain_hint=
Any idea what the problem could be? Did you change something?
Issue Analytics
- State:
- Created 4 years ago
- Comments:11 (10 by maintainers)
Top Results From Across the Web
Provided value for the input parameter scope cannot be empty ...
ADSTS28003 : Provided value for the input parameter scope cannot be empty when requesting an access token using the provided authorization code # ......
Read more >Azure OAuth Login - Was working, now getting ...
... The provided value for the input parameter scope cannot be empty when requesting an access token using the provided authorization code.
Read more >Error - "input parameter 'scope' is not valid" when requesting ...
I repeatedly receive "input parameter 'scope' is not valid" with no helpful alternatives. Do I have to request all my app's scopes at...
Read more >Graph API getting a scope error when trying to get Oauth Token
Click get Oauth Token and get the followign error (redacted): OAuth ... The provided value for the input parameter 'scope' is not valid....
Read more >OpenID Connect Scopes - Auth0
Once the user authorizes the requested scopes, the claims are returned in an ID Token and are also available through the /userinfo endpoint....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
We are also blocked on the same bug. Please provide an eta for next release or at least provide instructions to build from latest dev.
The bug is relative to the token request. The authorization request is the same.