My web application uses OAuth 2.0 and Azure AD for easy user authentication. However, the response of the access token gives an error saying " Invalid resource ." This is due to the fact that in the access token request I did not include the resource parameter .
However, based on the MS Azure's Grant Flow Authorization Code, the resource is an optional field.
Is there a way to refuse this parameter in the request and still be able to get the access token (more precisely, I need the user ID_TOKEN to find out if this user exists in my web application database).
A successful access token response should contain basic user information, which is exactly what I need, so I don’t need to make any requests to the web API at all.
In fact, I want to keep only those required fields that are specified in the OAuth 2.0 documentation, because on my web application users can configure using Google Identity, MS Azure AD or any other identifier providers that support OAuth 2.0 protocols.
Thanks in advance.
EDIT: In other words, is it possible to tell Azure AD in the Request Token Request to ignore the "resource"? I know that Google Identity OAuth2.0 does not have such a field, and it’s enough to simply specify the area (e.g. email, profile, etc.)
gye