 

Azure AD OAuth 2.0 Invalid Resource

My web application is using OAuth 2.0 and Azure AD to merely authenticate users. However, the Access Token Response is giving an error saying 'Invalid Resource'. This is because I hadn't included the 'resource' parameter in the Access Token Request.

However, based on MS Azure's Authorization Code Grant Flow, resource is an optional field.

Is there a way to opt out of this parameter on the request and still be able to get the access token (more precisely, I need the ID_TOKEN of the user to see whether this user exists in my web app database)?

A successful Access Token Response should contain basic user info, which is exactly what I need, so I don't need to make any requests to the Web API at all.

In fact, I want to keep only those required fields specified on the OAuth 2.0 documentation, because on my web application users can configure to use Google Identity, MS Azure AD or any other Identifier Providers that support OAuth 2.0 protocols.

Thank you in advance.

EDIT: In other words, is it possible to tell Azure AD in the Access Token Request to ignore the 'resource'? I know Google Identity OAuth2.0 doesn't have this kind of field, and simply specifying scope (e.g. email, profile etc) is sufficient.

gye asked Mar 15 '23 19:03


1 Answer

Using the "openid" scope in the authorization request should trigger an OpenID Connect flow that would return an id_token and does not require a resource.

Hans Z. answered Apr 06 '23 01:04
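The flow the answer describes, as an added example that is not part of the original thread: an authorization request with `scope=openid` and no `resource`, followed by the claim checks a web app should run on the returned id_token before looking the user up. The endpoint, client id, issuer and sample token are constructed placeholders; the claim checks assume the token came straight from the token endpoint over TLS and do not verify its signature.

```python
import base64, json, secrets, time
from urllib.parse import urlencode

def build_auth_request(authorize_endpoint, client_id, redirect_uri):
    """Return (url, state, nonce) for an OpenID Connect code-flow request."""
    state = secrets.token_urlsafe(16)  # CSRF binding, compared on the redirect
    nonce = secrets.token_urlsafe(16)  # replay binding, echoed in the id_token
    params = {
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",             # triggers OpenID Connect; no 'resource' sent
        "state": state,
        "nonce": nonce,
    }
    return authorize_endpoint + "?" + urlencode(params), state, nonce

def _b64url_json(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def check_id_token_claims(id_token, issuer, client_id, nonce, now=None):
    """Check iss, aud, exp and nonce of an id_token; return its claims.
    Assumption: signature checking against the provider's keys happens elsewhere."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = _b64url_json(parts[1])
    now = time.time() if now is None else now
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if claims.get("iss") != issuer:
        raise ValueError("issuer mismatch")
    if client_id not in audiences:
        raise ValueError("audience mismatch")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims  # claims["sub"] is the stable key for the local user lookup

def make_sample_token(claims):
    """Constructed, unsigned sample token for demonstration only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(claims), "c2ln"])
```
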