Trying to access v2 endpoint hosted by webapi but no luck, right if only the graphical api is running on v2 now?
If the webapi is running on a v2 endpoint, the goal was to access through a single call to both the graphics and the custom webapi using the v2 authentication code grant flow using as shown below
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=14e9111f3e1-d220-415d-9bf4-d089f0b5feff&response_type=code&redirect_uri=https%3A%2F%2Flocalhost%3A8081%2Fartifactory%2Fwebapp%2Fsaml%2FloginResponse&response_mode=query&scope=api%3A%2F%2F14e9f3e1-d220-415d-9bf4-d089f0b5feff%2Faccess_as_user%20https%3A%2F%2Fgraph.windows.net%2Fuser.read%20openid%20offline_access&state=12345
with scope
api://14e9f3e1-d220-415d-9bf4-d089f0b5feff/access_as_user https://graph.windows.net/user.read openid offline_access
However, continue to fail with an invalid scope error. If I pulled the custom webapi from the resource everything went great.
Further, there is a limitation for webpi which is
Web API can only receive tokens from an application that has the same Application ID. You cannot access the web API from a client with a different App ID.
So I am confused how to archive the purpose of using the v2 endpoint to authenticate and access the graphics and webapi?
- edit the error message "AADSTS65005: application" blah "requested a scope" user.read "that does not exist on the resource. Contact the application vendor.
source to share
Today, the v2 endpoint cannot issue an access token for a custom API. The feature is under active development, but there is no ETA to share. Also note that even when the feature is available, you cannot reuse the same access token for multiple resources; you will be able to agree to multiple resources at once, so your user will only promote once, but you will need to request access tokens for each resource separately.
source to share