jonenst
Jun 01, 2021

400 Bad Request UndefinedScope ProfileBadRequestException on /oidc/userinfo for some users

Hi,

Our working setup stopped working sometime at the end of May (not sure of the exact date). We request a token from the authorization endpoint https://login.microsoftonline.com/<TENANT-ID>/oauth2/v2.0/authorize with the following scopes: "openid User.read profile"

We then issue a request to https://graph.microsoft.com/oidc/userinfo with the Authorization: Bearer <TOKEN> and get

{
  "error": {
    "code": "BadRequest",
    "message": "{\r\n  \"error\":{\r\n    \"code\":\"UndefinedScope\",\"message\":\"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileBadRequestException' was thrown.\"\r\n  }\r\n}",
    "innerError": {
      "date": "2021-06-01T10:52:35",
      "request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
      "client-request-id": "32aeff66-a806-4732-bbba-6872994ef2f7"
    }
  }
}

This used to work for all users. Our app is configured to accept "Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)".

This works for professional accounts on my tenantid, but it doesn't work for personal accounts (tenantid 9188040d-6c67-4c5b-b112-36a304b66dad).

Can you offer any advice? Thanks in advance
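
The error body in the post above carries a second JSON error document inside `error.message`, so a client that logs only the outer `code` records `BadRequest` and misses `UndefinedScope`. As an added example that is not part of the original post, this Python function unwraps such an envelope; the name `unwrap_graph_error` is hypothetical and the sample body is the one quoted in the post.

```python
import json

# Response body quoted in the post above (HTTP 400 from /oidc/userinfo).
SAMPLE_BODY = r'''{
  "error": {
    "code": "BadRequest",
    "message": "{\r\n  \"error\":{\r\n    \"code\":\"UndefinedScope\",\"message\":\"Exception of type 'Microsoft.Fast.Profile.Core.Exception.ProfileBadRequestException' was thrown.\"\r\n  }\r\n}",
    "innerError": {
      "date": "2021-06-01T10:52:35",
      "request-id": "32aeff66-a806-4732-bbba-6872994ef2f7",
      "client-request-id": "32aeff66-a806-4732-bbba-6872994ef2f7"
    }
  }
}'''


def unwrap_graph_error(body, max_depth=5):
    """Return (codes, message, request_id) for a possibly nested error body.

    codes lists every error code from outermost to innermost, message is the
    innermost human-readable text, request_id is the first one encountered.
    """
    codes, message, request_id = [], None, None
    text = body
    for _ in range(max_depth):  # bound the recursion on untrusted input
        try:
            doc = json.loads(text)
        except (TypeError, ValueError):
            break  # message is plain text (or absent): nothing left to unwrap
        err = doc.get("error") if isinstance(doc, dict) else None
        if not isinstance(err, dict):
            break  # valid JSON, but not an error envelope
        codes.append(err.get("code"))
        message = err.get("message")
        inner = err.get("innerError")
        if request_id is None and isinstance(inner, dict):
            request_id = inner.get("request-id")
        text = message  # the message may itself be a serialized envelope
    return codes, message, request_id


if __name__ == "__main__":
    codes, message, request_id = unwrap_graph_error(SAMPLE_BODY)
    print(" > ".join(codes), "|", message, "| request-id:", request_id)
```

Logging the full code chain together with the `request-id` keeps the inner failure reason searchable when only some accounts are affected.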
