AzureAD/MSAL.PS

Use with different ResourceUri's?

Chris1WK opened this issue · 2 comments

Reading this page from the Microsoft documentation, they indicate you can use the MSAL modules for resources other than the graph - Microsoft security center in this case (api.securitycenter.microsoft.com). Their example appears to be a copy-pasta for accessing some AAD/SharePoint scopes.

https://learn.microsoft.com/en-us/microsoft-365/security/defender/api-create-app-user-context?view=o365-worldwide#get-an-access-token-on-behalf-of-a-user-using-powershell

It doesn't seem to have a parameter to specify the resource. Maybe I am missing something?

Well, you have scopes in there:

Scopes = 'https://graph.microsoft.com/User.Read.All','https://graph.microsoft.com/Files.ReadWrite'

Scope is the OAuth2 equivalent of the old "resource". It's like a resource, but more granular.

Doh, I see what happened. I originally tried that, and it failed with an AAD 50131 error with PS Core. I (foolishly) assumed it wasn't capable. I just tried the same thing on PS 5.1 (ISE) and it works with scopes similar to this - "https://api.securitycenter.windows.com/AdvancedQuery.Read".
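As an added example (not code from this thread or from the MSAL.PS project), the sketch below builds scope strings from an old-style resource URI and checks that a returned access token's `aud` and `scp` claims match the intended resource before it is sent anywhere. The function names are hypothetical, the sample token is constructed, and it assumes the API puts its resource URI in `aud` (some APIs use an application ID there instead).

```powershell
# Added example. IDs in the commented live call are placeholders.
function ConvertTo-MsalScope {
    # Old-style resource URI + permission names -> scope strings.
    param([Parameter(Mandatory)][string]$ResourceUri,
          [string[]]$Permission = '.default')
    $base = $ResourceUri.TrimEnd('/')
    $Permission | ForEach-Object { "$base/$_" }
}

function Get-JwtClaim {
    # Decode a JWT payload for inspection only; no signature validation.
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT' }
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $json | ConvertFrom-Json
}

function Test-TokenTarget {
    # Report whether the token is for the intended resource and permissions.
    param([string]$Token, [string]$ResourceUri, [string[]]$Permission)
    $claims  = Get-JwtClaim -Token $Token
    $granted = @("$($claims.scp)" -split ' ' | Where-Object { $_ })
    [pscustomobject]@{
        Audience      = $claims.aud
        AudienceOk    = "$($claims.aud)".TrimEnd('/') -eq $ResourceUri.TrimEnd('/')
        MissingScopes = @($Permission | Where-Object { $_ -notin $granted })
    }
}

$resource   = 'https://api.securitycenter.windows.com'
$permission = 'AdvancedQuery.Read'
$scopes     = ConvertTo-MsalScope -ResourceUri $resource -Permission $permission

# Live call (needs MSAL.PS and a real app registration):
# $token = (Get-MsalToken -ClientId '<client-id>' -TenantId '<tenant-id>' `
#             -Scopes $scopes -Interactive).AccessToken

# Constructed, unsigned sample token so the check runs offline.
$payload = @{ aud = $resource; scp = "$permission User.Read" } | ConvertTo-Json -Compress
$b64u    = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload))
$b64u    = $b64u.TrimEnd('=').Replace('+', '-').Replace('/', '_')
$token   = "e30.$b64u.constructed"

Test-TokenTarget -Token $token -ResourceUri $resource -Permission $permission
```

Calling `ConvertTo-MsalScope` without `-Permission` yields the resource's `/.default` scope, which requests the permissions already consented for the app registration.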