question

Chibu-3202 avatar image
0 Votes"
Chibu-3202 asked saldana-msft edited

Using Edu Graph API to read and write classes from an ASP.Net MVC application

Hello guys!

I have granted and consented to all necessary education permissions for my application on Azure AD, Azure portal.

The issue i get when i load my demo application, says it cannot see the permission in my scope, AADSTS650053: The application 'graphapitest' asked for scope 'EduRoster.ReadWrite.All' that doesn't exist on the resource

using delegate authentication for my application,
Any ideas on what i can try next would be very helpful
P.S- i removed the secret to screenshot
@DianaWanjuhi-1579

94050-screenshot-68.png94091-screenshot-66.png94053-screenshot-63.png94054-screenshot-65.png


microsoft-graph-teamworkmicrosoft-graph-applicationsmicrosoft-graph-education
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MikeMast-1320 avatar image
0 Votes"
MikeMast-1320 answered

EduRoster.Read.All is an application permission. For delegated, please use EduRoster.Read.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

OhmoriDeveloper-6149 avatar image
0 Votes"
OhmoriDeveloper-6149 answered MikeMast-1320 commented

EduRoster.Read in delegated mode return the following error to me:

{"statusCode":403,"code":"AccessDenied","requestId":"97ce439a-3ddb-4d77-9014-ce83b37843b4","date":"2022-01-13T06:47:11.000Z","body":"{\"code\":\"AccessDenied\",\"message\":\"Required scp claim values are not provided.\",\"innerError\":{\"date\":\"2022-01-13T03:47:11\",\"request-id\":\"97ce439a-3ddb-4d77-9014-ce83b37843b4\",\"client-request-id\":\"5b2a5a7d-4603-b95c-964d-25e70440f146\"}}"}


Required scp claim values are not provided.

In the SPN i consent all permissions (EduRoster.ReadWrite.All, EduRoster.ReadWrite and various others).

In JWT return this in scp:

"scp": "Calendars.Read Calendars.ReadWrite Directory.Read.All EduRoster.Read EduRoster.ReadBasic EduRoster.ReadWrite MailboxSettings.Read openid People.Read profile User.Read User.ReadBasic.All email",


I'm using @azure/msal-browser and @azure/msal-react in a react project.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I apologize. I made a mistake. The delegated permission is named EduRoster.ReadBasic.

0 Votes 0 ·