Whenever I try to create a user from the Azure AD spoke, I get this error: "Forbidden Request. Please Check Oauth Token and scope permission."
12-17-2020 05:15 PM
Hello,
I followed this (https://youtu.be/JOUBcINNF9g) tutorial to set up my Azure AD spoke, but whenever I try to push a user from ServiceNow to Azure AD it gives me the following error: "Forbidden Request. Please Check Oauth Token and scope permission."
Everything that I have created is in the Microsoft Azure AD spoke scope, and my OAuth token is also valid. Has anyone else encountered this error before?
Labels: IntegrationHub
07-04-2022 08:07 PM
Hello Richard, we are using the below Graph API to retrieve the object ID from Azure by using the UPN. If we try to add multiple users as input, it is able to get only one user's response at once; for the remaining ones it shows null or a bad request. So here we don't have a chance of using "Add multiple users to group".
So we have created multiple user variables in the catalog request, like user_1, user_2, and the below flow will execute for each user, but this flow reached the maximum limit and we are able to add only 10 users in a single request.

07-07-2022 12:17 AM
Sravani,
As mentioned previously, I would update the Azure user provisioning to send the Azure object ID for the user to a hidden field on the sys_user table; then you already have that value in ServiceNow. The Azure object ID for a user is immutable, so there is no risk in doing this.
Doing it this way also saves you an IntegrationHub activation looking up each user's object ID.
Sometimes it is better to take a step back and simplify the problem rather than complicate the solution...
Thanks,
Richard
05-24-2023 11:34 PM
Hello Sravani, Roy13,
I came across the same issue and also found the solution. Maybe it will help others who are getting the same error.
You need to go to "all the permissions of the Azure application". There, check for Directory.ReadWrite.All; the error occurred because of this 'Directory.ReadWrite.All' permission.
Check the attached screenshot.
Please click on Helpful if you find it so.
Thank You
Nisha
06-16-2022 04:39 AM
Hi, did you get a resolution for this issue please, as I am also facing the same error?
Thanks

06-17-2022 01:55 AM
Rachel,
This issue should only occur if the API permissions in Azure are incorrect.
The best thing to do is to open the token retrieved for OAuth using 'Manage tokens', copy the content into https://jwt.ms, and check that the permissions granted match those required in the permissions section of this page:
https://docs.microsoft.com/en-us/graph/api/user-post-users?view=graph-rest-1.0&tabs=http
Hope this helps,
Richard
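The check Richard describes (decode the OAuth token as jwt.ms does and compare the granted permissions with the ones the user-post-users page lists) and the missing Directory.ReadWrite.All permission Nisha found, as an added example that is not part of any post in this thread. The required-permission set is my reading of that doc page and should be verified against it; the sample token is constructed and unsigned, not a real Azure AD token.

```python
import base64
import json

# Permissions that allow POST /users on Graph v1.0 per the user-post-users doc page
# (assumption: verify against the current table). App permissions appear in the
# "roles" claim, delegated ones in "scp".
REQUIRED_ANY = {"User.ReadWrite.All", "Directory.ReadWrite.All"}


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the padding JWTs omit."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Payload claims of a JWT, read without signature verification (inspection only,
    like jwt.ms); never base an authorization decision on unverified claims."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def granted_permissions(claims: dict) -> set:
    """Union of application (roles) and delegated (scp) Graph permissions."""
    return set(claims.get("roles", [])) | set(claims.get("scp", "").split())


def check_create_user_permission(token: str) -> dict:
    """Report whether the token carries a permission that allows creating a user."""
    claims = jwt_claims(token)
    granted = granted_permissions(claims)
    matched = granted & REQUIRED_ANY
    return {
        "audience": claims.get("aud"),
        "granted": sorted(granted),
        "allows_create_user": bool(matched),
        "matched": sorted(matched),
    }


def make_unsigned_token(payload: dict) -> str:
    """Build a constructed, unsigned token for the demo (not a real Azure AD token)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."

# Constructed sample: an app-only token granted only read permissions, which is the
# state that produces the "Forbidden" error discussed in the thread.
SAMPLE_TOKEN = make_unsigned_token(
    {"aud": "https://graph.microsoft.com", "roles": ["User.Read.All", "Group.Read.All"]}
)
```

Paste the token copied from 'Manage tokens' into `check_create_user_permission` to see which claim is missing; an empty `matched` list is the permission gap that produces the Forbidden response.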