OnlineMeetings.ReadWrite.All' that doesn't exist on the resource

Question

I am trying to authenticate via OAuth with the following scopes:

Calendars.ReadWrite,OnlineMeetingArtifact.Read.All,OnlineMeetings.ReadWrite.All,User.Read

However it returns with an error AADSTS650053: The application 'Cvent Production Teams Integration' asked for scope 'OnlineMeetings.ReadWrite.All' that doesn't exist on the resource '00000003-0000-0000-c000-000000000000'. Contact the app vendor.

We have granted to access policy by running the partial scripts.

Request Id: 213064a2-e5fb-48d5-8936-3f9fd35f1e00

Correlation Id: 6cf3d4f2-5b0b-4354-a88f-3fe403919322

Timestamp: 2024-02-15T14:21:41Z

I have other application level scopes Calendars.ReadWrite,OnlineMeetingArtifact.Read.All which work correctly but only the OnlineMeetings.ReadWrite.All errors out.

Can you please help us out here and let us know if we need to add any more permissions to the application?

Thanks,
Vakul

vikram-mfst · Answer

Hello vsehgal Could you please verify that the 'OnlineMeetings.ReadWrite.All' scope is included as an application permission for the corresponding resource in the Azure portal?

vsehgal · Answer

vikram-MFST&nbsp;Hi Vikram,&nbsp;&nbsp;Yes this permission is added in the Application. PFA the screenshot.&nbsp;

vikram-mfst · Answer

Hello vsehgalIt looks like you are calling application permissions in the scopes for a user authentication flow. Users will receive delegated permissions after a successful authentication, not application permissions. Also could you please verify if you are using proper permissions?1)Delegated permissions: Also called scopes, allow the application to act on behalf of the signed-in user.2)Application permissions: Also called app roles, allow the app to access data on its own, without a signed-in user.Authentication and authorization basics - Microsoft Graph | Microsoft LearnAlso make sure that when using multiple scopes in the authentication request, the scopes must be separated with a space.

vsehgal · Answer

Hi Vikram,Thanks for the insight. A little bit background about this integration -Cvent is used by Planners to plan their meetings and events who for their virtual events, utilize MS Teams as a solution. The goal of the integration is to be able to create Online meetings on behalf of any user in that client's tenant. For this the client creates an app reg, with the above scopes and permissions, run partial scripts to create an access policy and apply it globally to all users in their organization. We use the apps credentials to authenticate and it works to create and manage meetings and its registrants on behalf of the organizer that is specified by the planner in Cvent (who is a user in this organization).Hence the application permission. Is there no way to use this OnlineMeetings.ReadWrite.All to be able to create and read the applications on behalf of any user vs just the signed in user?Thanks,Vakul

vikram-mfst · Answer

Hello vsehgalYou can use the OnlineMeetings.ReadWrite permission for delegated access, which allows the app to create, read, update, and delete online meetings on behalf of the signed-in user If you want to create and read online meetings on behalf of any user, you can use application permissions such as OnlineMeeting.Read.All and OnlineMeeting.ReadWrite.All

Forum Discussion

OnlineMeetings.ReadWrite.All' that doesn't exist on the resource

7 Replies

Resources