invalid_scope錯誤AADSTS70011，爲什麼我收到此錯誤

Question

public string[] scopes1 = new string[] 
{ 
    "https://graph.microsoft.com/User.Read", 
    "https://graph.microsoft.com/User.ReadWrite", 
    "https://graph.microsoft.com/User.ReadBasic.All", 
    "https://graph.microsoft.com/Mail.Send", 
    "https://graph.microsoft.com/Calendars.ReadWrite", 
    "https://graph.microsoft.com/Mail.ReadWrite", 
    "https://graph.microsoft.com/Files.ReadWrite", 

}; 

public async Task<string> GetAccessToken2() 
{ 
    string url = "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?";//https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize? 
    using (var client = new HttpClient()) 
    { 
     client.BaseAddress = new Uri(url); 


     // We want the response to be JSON. 
     client.DefaultRequestHeaders.Accept.Clear(); 
     client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); 

     // Build up the data to POST. 
     List<KeyValuePair<string, string>> postData = new List<KeyValuePair<string, string>>(); 
     postData.Add(new KeyValuePair<string, string>("grant_type", "client_credentials")); 
     postData.Add(new KeyValuePair<string, string>("client_id", appId)); 
     postData.Add(new KeyValuePair<string, string>("client_secret", appPassword)); 
     postData.Add(new KeyValuePair<string, string>("response_type", "code")); 
     postData.Add(new KeyValuePair<string, string>("response_mode", "query")); 
     // postData.Add(new KeyValuePair<string, string>("client_secret", appPassword));    
     //postData.Add(new KeyValuePair<string, string>("client_secret", appPassword)); 
     postData.Add(new KeyValuePair<string, string>("redirect_uri", "http://localhost/5341/Home/AddC")); 
     postData.Add(new KeyValuePair<string, string>("Scope",string.Join(" ", scopes1)));// "openid offline_access https://graph.microsoft.com/mail.read")); 
     postData.Add(new KeyValuePair<string, string>("state", "12345")); 

     FormUrlEncodedContent content = new FormUrlEncodedContent(postData); 

     // Post to the Server and parse the response. 
     HttpResponseMessage response = await client.PostAsync("Token", content); 
     string jsonString = await response.Content.ReadAsStringAsync(); 
     object responseData = JsonConvert.DeserializeObject(jsonString);    

     // return the Access Token. 
     return ((dynamic)responseData).access_token; 
    } 
} 

{ 「錯誤」： 「invalid_scope」， 「ERROR_DESCRIPTION」：「AADSTS70011：本 對輸入參數 '範圍' 提供的值是無效的。範圍 https://graph.microsoft.com/User.Read https://graph.microsoft.com/User.ReadWrite https://graph.microsoft.com/User.ReadBasic.All https://graph.microsoft.com/Mail.Send https://graph.microsoft.com/Calendars.ReadWrite https://graph.microsoft.com/Mail.ReadWrite https://graph.microsoft.com/Files.ReadWrite無效\ r \ nTrace ID： 17e465ac-9aca-4615-8021-f48ee8f00900 \ r \ nCorrelation ID： 47a584ed-07ca-4a51-bdd1-8cb7364de3ee \ r \ n時間戳：2017-09-15 12：39：26Z「，」error_codes「：[70011]，」timestamp「：」2017-09-15 12:39 ：26Z」， 「trace_id的」： 「17e465ac-9aca-4615-8021-f48ee8f00900」， 「CORRELATION_ID」： 「47a584ed-07ca-4a51-bdd1-8cb7364de3ee」}

Answer 1

到https://login.microsoftonline.com/common/oauth2/v2.0/authorize呼叫是HTTP GET，不是POST。這是回收功能，需要授權碼併發出POST至https://login.microsoftonline.com/common/oauth2/v2.0/token。

原型爲初始GET是（對於可讀性新行）：

https://login.microsoftonline.com/common/oauth2/v2.0/authorize? 
client_id=[APPLICATION ID]& 
response_type=code& 
redirect_uri=[REDIRECT URI]& 
scope=[SCOPE] 

第二階段發出POST。這原型爲：

POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token 
POST HEADER: Content-Type: application/x-www-form-urlencoded 
POST BODY: grant_type=authorization_code&code=[AUTHORIZATION CODE]& 
      client_id=[APPLICATION ID]&client_secret=[PASSWORD] 
      &scope=[SCOPE]&redirect_uri=[REDIRECT URI] 

也不是，這不是JSON，該Content-Type是application/x-www-form-urlencoded。

我寫了一篇文章一個，而通過授權碼流走與V2端點回來，你可能會發現：Microsoft v2 Endpoint Primer