If I understand correctly, you have a setup where the client needs to call a web api. You represented both using the same app registration. I believe WAM doesn't support this, and you'll need to create a separate app registration for your web api. Please try that.
We try to authenticate and authorize only our app. Later on, this app registration can add external scopes. But for today we use the scope/token only for validation purposes of the user account. So we see no need to register two applications (app and API) for one application.
If we disable the broker, it works! So we think the broker has a problem.
Is there a better approach to using an application registration for login purposes of a simple app?
Library version used
4.59
.NET version
Windows 11, Net 4.8, x64
Scenario
PublicClient - desktop app
Is this a new or an existing app?
This is a new app or experiment
Issue description and reproduction steps
Hello,
I create a simple application registration in Entra and configure a redirect for desktop apps.
Then I define an Application ID URI and expose one scope (user and admin consent).
Then I add this scope to the API permissions for this app (no pre-consent).
If I try to acquire a token, I receive the following error:
Fehlercode: CAA20002
Korrelations-ID: 13a2227f-xxxx-4726-b98c-f5144a5fb091
Zeitstempel: 2024-03-18T08:26:12Z
Weitere Informationen: https://www.microsoft.com/wamerrors
Servermeldung: AADSTS90009: Application '28c3605d-xxxx-4180-8dac-e3ed534b93f3'(28c3605d-xxxx-4180-8dac-e3ed534b93f3) is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier. Trace ID: 0d0a3d5f-xxxx-4726-b775-e411dbdc0200 Correlation ID: 13a2227f-xxxx-4726-b98c-f5144a5fb091 Timestamp: 2024-03-18 08:26:12Z
Then I removed "WithBroker" to use browser-based login. Everything works fine; I receive a token.
Relevant code snippets
Expected behavior
Login with or without the broker should return the same result. The error message is not helpful (and wrong?)
Identity provider
Microsoft Entra ID (Work and School accounts and Personal Microsoft accounts)
Regression
No response
Solution and workarounds
Adding the scope under Authorized client applications fixes the problem.
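A check for the configuration discussed in this thread, added here as an example (not code from the issue or from MSAL): it reads a Microsoft Graph `application` object and lists each delegated scope the app requests from itself, together with whether the app is listed among its own authorized client applications, the workaround reported above. The sample object, its placeholder GUIDs, the scope name and the function name `self_scope_findings` are assumptions.

```python
import json

# Constructed sample: a Microsoft Graph "application" object trimmed to the
# fields used here. All GUIDs are placeholders, not values from the issue.
SAMPLE_APP = json.loads("""
{
  "appId": "11111111-1111-1111-1111-111111111111",
  "identifierUris": ["api://11111111-1111-1111-1111-111111111111"],
  "api": {
    "oauth2PermissionScopes": [
      {"id": "22222222-2222-2222-2222-222222222222",
       "value": "access_as_user", "type": "User", "isEnabled": true}
    ],
    "preAuthorizedApplications": []
  },
  "requiredResourceAccess": [
    {"resourceAppId": "11111111-1111-1111-1111-111111111111",
     "resourceAccess": [
       {"id": "22222222-2222-2222-2222-222222222222", "type": "Scope"}]}
  ]
}
""")


def self_scope_findings(app):
    """List each delegated scope the app requests from itself and whether the
    app is pre-authorized for it (portal: "Authorized client applications")."""
    app_id = app["appId"].lower()
    api = app.get("api") or {}
    names = {s["id"].lower(): s["value"] for s in api.get("oauth2PermissionScopes", [])}
    preauth = set()
    for entry in api.get("preAuthorizedApplications", []):
        if entry["appId"].lower() == app_id:
            preauth.update(i.lower() for i in entry.get("delegatedPermissionIds", []))
    findings = []
    for rra in app.get("requiredResourceAccess", []):
        if rra["resourceAppId"].lower() != app_id:
            continue  # scope belongs to another API, not the self-request case
        for access in rra.get("resourceAccess", []):
            if access["type"] != "Scope":
                continue  # app roles are not delegated scopes
            sid = access["id"].lower()
            findings.append({"scope": names.get(sid, sid),
                             "preauthorized": sid in preauth})
    return findings


if __name__ == "__main__":
    for finding in self_scope_findings(SAMPLE_APP):
        print(finding)
```

A pre-authorized client receives the listed scopes without a user consent prompt, so entries under authorized client applications belong in the same review as other consent grants.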