Zobrazují se příspěvky se štítkemdatacentrum. Zobrazit všechny příspěvky
Zobrazují se příspěvky se štítkemdatacentrum. Zobrazit všechny příspěvky

2024-02-15

Microsoft Dynamics Office Add-in error AADSTS650057

Business Central Excel add-in alias Microsoft Dynamics Office Add-in allows users to read, analyze, and edit data from Microsoft Dynamics systems and publish data changes back to Microsoft Dynamics OData services. 

I had two instances where one was reporting an error AADSTS650057:

Invalid resource. The client has requested access to a resource which is not listed in the requested permissions in the client's application registration.
Client app ID: {appId}({appName}).
Resource value from request: {resource}.
Resource app ID: {resourceAppId}.
List of valid resources from app registration: {regList}.

Official documentation: 

How to debug it? First to find all mentioned App registrations and Enterprise apps in Microsoft Entra and find the configuration especially IDs. Note that AppId is matching with App Id URI.

Open Business Central console and compare what values are set there. Two different app IDs are set

 

What is in the values?

Endpoint URI: https://login.microsoftonline.com/<tenantID>/wsfed?wa=wsignin1.0%26wtrealm=api://<appRegNonExcel>%26wreply=https://<BCurl>/SignIn

Metadata location: https://login.microsoftonline.com/<tenantID>/federationmetadata/2007-06/federationmetadata.xml

So if here is all correct but you have still problem let's check permissions on the App registrations side.

The main BC app reg needs to have exposed API with API.ReadWrite.All permission

v

 

And when this is done, it is possible to add  permissions to "excel App registrations"

Delegated admin permissions must be granted and consented from the previously mentioned app registration to this one. If you cannot see the previous app in the list, you didn't publish it properly.

 

After settings all this correctly the login from Excel add-in proceeded to login screen without error page.

I hope this helped.