I'm trying to authorize access to our web application by using OAuth 2.0 and Azure AD. Guide here.
The user is redirected to a URL similar to this:
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=d220846b-1916-48d2-888b-9e16f6d9848b&
response_type=code&
response_mode=query&
state=[secure-random]&
redirect_uri=[my_uri]&
resource=[my app ID uri taken from app settings]
I'm getting the following error then:
AADSTS90009: Application 'd220846b-1916-48d2-888b-9e16f6d9848b' is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.
This description does not really help me. I've checked this thread, but I'm still lost.
What does this error mean, and which is the GUID-based App Identifier? What should the value of the resource look like? Help much appreciated.
Azure Active Directory (Azure AD) supports all OAuth 2.0 flows.
Azure AD supports PKCE on both the v1.0 and v2.
This error is saying that the field you provided in the resource parameter is requesting tokens for itself. In the case you do want to get a token for the app specified in the client_id, then you have to pass the client_id in the resource field rather than the app ID URI, at which point you will receive an access token for self.
Alternatively, you can provide an app ID URI of a web API you've registered or another resource with scopes to get tokens for that resource (Microsoft Graph, Office API, etc).
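The fix described in the answer, as an added example that is not part of the original thread: it builds the authorize request from the question with the client_id GUID as the resource, refuses the app's own App ID URI before the request ever reaches Azure AD, and checks the returned state. The function names, the redirect URI and the App ID URI are constructed placeholders.

```python
import hmac
import secrets
import uuid
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_ENDPOINT = "https://login.microsoftonline.com/common/oauth2/authorize"
CLIENT_ID = "d220846b-1916-48d2-888b-9e16f6d9848b"      # from the question
REDIRECT_URI = "https://app.example.com/callback"       # constructed placeholder
OWN_APP_ID_URIS = ("https://example.onmicrosoft.com/my-web-app",)  # constructed


def is_guid(value):
    """True only for the canonical hyphenated GUID form of an application ID."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def build_authorize_url(client_id, redirect_uri, resource, own_app_id_uris=()):
    """Return (url, state); reject the self-token request behind AADSTS90009."""
    if not is_guid(client_id):
        raise ValueError("client_id must be the application's GUID")
    if resource in own_app_id_uris:
        # Token for the app itself: the resource must be the GUID, not the URI.
        raise ValueError("resource is this app's own App ID URI; pass client_id")
    state = secrets.token_urlsafe(32)  # unpredictable, stored server-side per session
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "response_mode": "query",
        "state": state,
        "redirect_uri": redirect_uri,
        "resource": resource,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}", state


def state_matches(expected_state, callback_url):
    """Constant-time check of the state echoed back on the redirect."""
    returned = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(expected_state.encode(), returned.encode())


if __name__ == "__main__":
    url, state = build_authorize_url(CLIENT_ID, REDIRECT_URI, CLIENT_ID, OWN_APP_ID_URIS)
    print(url)
```

To request a token for a different API instead, pass that API's App ID URI as `resource`; only the app's own URI is rejected.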