Unable to Get OAuth Token after setting up Microsoft Intune Spoke

KennC · ‎06-21-2024

We would like to have Microsoft Intune spoke in our Dev instance so we can use the OOTB actions available. This is the article we have been following: https://docs.servicenow.com/bundle/tokyo-application-development/page/administer/integrationhub-stor...
We have checked that the Client Secret is valid and not expired & have confirmed with Client ID that we are wanting to have access to.
It was working initially roughly 4 weeks ago on initial set up - but now it does not work. It will keep asking for us to log into out personal account when it should not need these credentials.
We also found a support article https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1001824 which we have tried but it still does not give us access.

Has anyone else come across this before? We've even reinstalled the spoke and set up the credentials again but its not working.

Thanks

KennC · ‎01-20-2025

Hello,

We on our side raised a HI Ticket in regards to this and have now got it resolved.

The solution for us was to remove all the Entity Profile Scopes on the Profile.

Once we did this and clicked Get Oauth Token - it retrieved fine.

Hope this helps. Only leave Default in the list.

View solution in original post

muktha1 · ‎01-17-2025

Has anybody found a resolution for this issue? I am also facing the same issue. There are a list of scopes given in the Microsoft document for this .

But it throws the following error.

OAuth flow failed. Verify the configurations and try again. Error detail:invalid_scope, AADSTS1002012: The provided value for scope openid offline_access DeviceManagementManagedDevices.PrivilegedOperations.All User.ReadWrite.All profile DeviceManagementApps.ReadWrite.All DeviceManagementManagedDevices.ReadWrite.All is not valid. Client credential flows must have a scope value with /.default suffixed to the resource identifier (application ID URI).

What should we be doing to resolve this? Why do not we have proper SNOW documentation for Oauth Entity scopes for Intune Set up. Can anyone please help?

Tyson3 · ‎01-17-2025

We have the same exact problem... We are going to submit a servicenow support ticket. This sort of stuff is really annoying

KennC · ‎01-20-2025

Hello,

We on our side raised a HI Ticket in regards to this and have now got it resolved.

The solution for us was to remove all the Entity Profile Scopes on the Profile.

Once we did this and clicked Get Oauth Token - it retrieved fine.

Hope this helps. Only leave Default in the list.

gulatia · a month ago

We followed the steps on Set up the Microsoft Intune spoke and clicking on Get OAuth shows page showing approval required on the microsoft side. Any suggestions on how to resolve?

Aman