OAuth 2.0 and Azure Active Directory - error AADSTS90009

I'm trying to authorize access to our web application by using OAuth 2.0 and Azure AD. Guide here.

The user is redirected to a URL similar to this:

https://login.microsoftonline.com/common/oauth2/authorize?
    client_id=d220846b-1916-48d2-888b-9e16f6d9848b&
    response_type=code&
    response_mode=query&
    state=[secure-random]&
    redirect_uri=[my_uri]&
    resource=[my app ID uri taken from app settings]

I'm getting the following error then:

AADSTS90009: Application 'd220846b-1916-48d2-888b-9e16f6d9848b' is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier.

This description does not really help me. I've checked this thread, but I'm still lost.

What does this error mean and which is the GUID based App Identifier? What should the value of resource look like? Help much appreciated.

Lachezar Balev asked Feb 02 '17 15:02




1 Answer

This error is saying that the field you provided in the resource parameter is requesting tokens for itself. If you do want to get a token for the app specified in the client_id, then you have to pass the client_id in the resource field rather than the app ID URI. At that point you will receive an access token for the app itself.

Alternatively, you can provide the app ID URI of a web API you've registered, or another resource with scopes, to get tokens for that resource (Microsoft Graph, Office API, etc.).

Daniel Dobalian answered Sep 26 '22 01:09