[Microsoft Login Connector - Traditional Web] Which (if any) API Permissions are required to use Microsoft Login Connector?
Forge component by Paul Davies
Application Type: Traditional Web

I'm new to the Microsoft Login Connector and trying to set it up for authentication for our Web and Reactive applications. I'm using the current versions of Connector, Connector Reactive, Connector Core, and Connector Management. (The associated MS Login Demo seems out-of-date, so I didn't use it.) I've attempted to follow the steps documented in Connector to start with, but I am receiving the following message after successfully completing the login prompt:

AADSTS650056: Misconfigured application. This could be due to one of the following: the client has not listed any permissions for 'Microsoft Graph' in the requested permissions in the client's application registration. Or, the admin has not consented in the tenant. Or, check the application identifier in the request to ensure it matches the configured client application identifier. Or, check the certificate in the request to ensure it's valid. Please contact your admin to fix the configuration or consent on behalf of the tenant. Client app ID: xxxxxxxxxx

I'm sure the client app ID is correct, so I'm thinking I may need to add permissions for 'Microsoft Graph' for our registered application, or I'm missing a parameter that specifies some permission in the connector setup? I didn't see that adding API Permissions was a required step covered in the documentation. Please clarify whether this is needed for MS Login Authentication and what standard or minimum permissions are required to allow the user to log in and authenticate using this connector.

Thanks in advance.

After some trial and error, it appears that there are required Registered App API permissions for the current version of the Microsoft Login to work. I added those seen in the attachment from the Microsoft Graph Delegated Permissions section. Then the authentication resolved as expected. If this is part of the correct procedure for the current Azure configuration pages, please consider adding this to your documentation. Thank you!

microsoftgraphpermissions.JPG

Hi Lennie,

Normally the default permissions needed for the Microsoft Graph are already configured when you create the Azure AD application. Did you perhaps remove these when you created the application, or did you get an empty API configuration when you registered the application?

Greetings,

Vincent

Hi Vincent,

I didn't see any default permissions given to my new application in Azure, but rather in API Permissions, I had to specifically choose Microsoft Graph and select the 2 delegated permissions. Is perhaps the current version of Azure more fine-grained than it was in the past? If someone who has done this in the past has gone through these steps recently, can this be confirmed, and can you consider updating the documentation?

Regards,

Lennie
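
The first cause listed in the AADSTS650056 message above (no permissions for 'Microsoft Graph' in the application registration) can be checked offline against an exported app manifest. The following is an added example, not part of the thread or of the connector: the function names and sample manifests are constructed, the permission GUIDs are placeholders, and it assumes the standard `requiredResourceAccess` manifest layout, where delegated permissions have type `Scope`.

```python
import json

# Well-known application ID of the Microsoft Graph resource.
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"

def graph_delegated_scopes(manifest):
    """Return IDs of delegated (type "Scope") Graph permissions the app requests."""
    scopes = []
    for resource in manifest.get("requiredResourceAccess") or []:
        if str(resource.get("resourceAppId") or "").lower() != GRAPH_APP_ID:
            continue
        for access in resource.get("resourceAccess") or []:
            if access.get("type") == "Scope":
                scopes.append(access.get("id"))
    return scopes

def check_registration(manifest):
    """Classify a manifest against the 'no Graph permissions listed' cause."""
    if graph_delegated_scopes(manifest):
        return "ok: delegated Microsoft Graph permissions are listed"
    listed = {str(r.get("resourceAppId") or "").lower()
              for r in manifest.get("requiredResourceAccess") or []}
    if GRAPH_APP_ID in listed:
        return "fail: Graph is listed, but only with application (Role) permissions"
    return "fail: no Microsoft Graph permissions are listed"

# Constructed sample manifests; the permission IDs are placeholders, not real
# Graph scope IDs. Admin or user consent is tracked separately in the tenant
# and is not visible in the manifest, so "ok" here rules out only one cause.
EMPTY = json.loads('{"requiredResourceAccess": []}')
ROLE_ONLY = json.loads('''{"requiredResourceAccess": [
  {"resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Role"}]}]}''')
DELEGATED = json.loads('''{"requiredResourceAccess": [
  {"resourceAppId": "00000003-0000-0000-C000-000000000000",
   "resourceAccess": [{"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Scope"},
                      {"id": "aaaaaaaa-0000-0000-0000-000000000003", "type": "Scope"}]}]}''')

if __name__ == "__main__":
    for name, m in (("empty", EMPTY), ("role-only", ROLE_ONLY), ("delegated", DELEGATED)):
        print(f"{name}: {check_registration(m)}")
```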
