I am trying to call Microsoft graph API (ListUsers) with Auth Code grant flow where after authorization I am unable to get the granted permissions in the scope of returned access token thus leading to permission issues. After some time when I fetch the new access token it has all the permission we granted during authorization and I am successfully able to execute the graph API call. The issue could be seen here in the video: https://drive.google.com/file/d/1jmdAb8vrvqkIiYBLccSIPbdUbhxM9JgC/view?usp=sharing
This issue is happening only when I try add the following scopes in the request for auth flow.
- https://graph.microsoft.com/.default
- offline_access
When I don't use offline_access for refresh token, it works completely fine.
Please help me understand the issue and guide me to the resolution.