0

I have a working azure authentication layer set to a flask app using flask dance make_azure_blueprint.

blueprint = make_azure_blueprint(
    client_id=client_id,
    client_secret=client_secret,
    tenant=tenant_id,
    scope=[
        scopes.Email,
        scopes.DirectoryReadAll,
        scopes.OpenID,
        scopes.Profile,
        scopes.UserRead,
        scopes.UserReadAll,
        
                ],
    login_url=LOGIN_URL_PATH,
    authorized_url=AUTH_CALLBACK_URL_PATH,
    redirect_url='http://localhost:5000/',
)
app.register_blueprint(blueprint, url_prefix="/login")

where the scopes are : scopes -

DirectoryReadAll = 'Directory.Read.All'
Email = 'email'
GroupMemberReadAll = 'GroupMember.Read.All'
Profile = 'profile'
OpenID = 'openid'
UserReadBasicAll = 'User.ReadBasic.All'
UserRead = 'User.Read'
UserReadAll = 'User.Read.All'

using this I was able to retrieve the user information and display on the app. Now I am trying to combine Azure Time series insights scope "https://api.timeseries.azure.com//user_impersonation". But this is returning an error saying that this cannot be mixed with resource specific groups. enter image description here

SumanthMarigowda-MSFT
  • 1,920
  • 9
  • 14
96k
  • 11
  • 2
  • As your error message describes, they cannot be used in combination because they are two different APIs. – Carl Zhao Jan 28 '21 at 02:24
  • Hi @96k , I had a look at your question list, people would be more positive to help you if you could accept answers. – Doris Lv Jan 28 '21 at 06:12

1 Answers1

0

Your needs are unreachable.

It seems you try to access two apis both default scope and user_impersonation scope. Actually we cannot use multiple scopes to access apis.

You should put the api you want to access in the scope. For example, if you want to access MS graph api, you can put https://graph.microsoft.com/.default. If you want to access a custom api, you can put in api://{back-end app client api}/scope name.

Doris Lv
  • 3,083
  • 1
  • 5
  • 14
  • Thank you for the response. That makes sense. Please Can you explain this `api://{back-end app client api}/scopename` more or direct me to any samples where this is done. – 96k Jan 28 '21 at 15:47
  • You could refer to this link: https://stackoverflow.com/questions/65823524/how-to-update-jwt-version-to-2-0/65824473#65824473 – Doris Lv Jan 29 '21 at 02:14