How can I add Xbox Gamertag scope in Azure App Directory sign in?


End goal: I need to get the Xbox Gamertag in Azure App Directory sign-in via a Microsoft account. Right now I am getting basic information (name, email, id, display name); I just need the gamertag for my work.

I am getting this error: AADSTS70011: The provided request must include a 'scope' input parameter. I am trying to add 'XboxLive.signin' to the scope of the Azure redirect and getting this error.

My Azure App configuration is attached in the image. Also, I can't find anything related to Xbox.

Or, if there is any alternate way of getting the gamertag, please feel free to help.

scope: ['user.read','offline_access', 'openid'],#XboxLive.signin

I have added these in the scope. Adding XboxLive.signin to the scope gives this error. Please guide me if there is another way of getting the gamertag in sign-in with Azure App Directory.

2


11
VonC On BEST ANSWER

To use Xbox Live services, you will need to register your application with the Microsoft Partner Center. The Xbox Live service can then be used to fetch user profiles, which will include the Gamertag.

To fetch the Xbox Live user profile, you will need to add the Xbox Live service to your application and include the required scopes in your sign-in request.

As illustrated with nextauthjs/next-auth issue 2779:

Under 'API Access' the 'offline_access' permission needs to be added in order for the scope to be allowed.

You seem to have done so already.

A workaround for this problem could involve using Xbox Services API (XSAPI) and following a specific sequence of steps, which includes initializing the Gaming Runtime Services, creating a task queue, initializing XSAPI, signing the user in to the Xbox network, and creating an XboxLiveContext object. This approach allows you to make service calls to Xbox services.

However, the steps above are more related to the code-level implementation of integrating with the Xbox Services. They do not provide a direct solution to use XboxLive.signin scope in Azure App Directory.


To add the XboxLive.signin scope to your Azure app registration, you need to have Xbox Live Services in your Microsoft APIs. To get access to Xbox Live services, you need to register your application with the Microsoft Partner Center. Once your app is registered with the Microsoft Partner Center, Xbox Live services will get populated in the Microsoft API.
See "How can I add Xbox Gamertag scope in Azure App Directory sign in"

Here is a general outline of the steps you would take to register your web app in the Microsoft Partner Center:

  1. Create or Update Web App in Azure

    • Navigate to the Azure portal - App registrations page to register your app. Sign in to the Azure portal using either a work or school account or a personal Microsoft account.
    • Select New registration.
  2. Configure API Access Permissions for Web App

    • Choose your app. Go to Settings of the Web app.
    • In the API Access section, choose Required permissions.
    • For Windows Azure Active Directory permissions:
      • Choose Windows Azure Active Directory permissions.
      • In Applications permissions, select Read directory data.
      • Save the permissions.
    • Note the application ID in the Properties section of your web app.
  3. Add a Secret Key to Your App

    • Go to the Keys section of your web app.
    • Enter key description and select duration as 1 or 2 years, as you need.
    • Save and copy the secret key value. This value will not be shown again once you leave this page.
  4. Register the Web App in Partner Center

    • Sign in to https://partnercenter.microsoft.com.
    • Choose Dashboard, then choose Account Settings, then choose App Management.
    • In the Web App section, choose Register existing app.
    • Select the web app you created in Azure portal.
    • Choose register your app.

After completing these steps, you should have access to the Xbox Live services in your Microsoft API, and you should be able to add XboxLive.signin to your Azure app registration.
See Register app details for Partner Center for Microsoft National Cloud through the Azure portal

0
LOST On

I just spent 2 weeks trying to do that which involved Microsoft support.

Turned out I did not need this in the first place: I am using MSAL JavaScript library, and all it took for the scope to get accepted was explicitly setting auth.authority to 'https://login.microsoftonline.com/consumers' in MSAL config.
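The authority setting reported in the answer above, as an added example that is not part of either answer or of MSAL itself: a pre-flight check that flags an XboxLive.signin request sent to any authority other than /consumers, plus the authorization-code URL it would produce. The function names, the client ID and the redirect URI are assumptions; the caller supplies an unpredictable `state` value.

```javascript
// Added example: pre-flight check and authorize URL for the /consumers fix.
// clientId and redirectUri are placeholders supplied by the caller.

// MSAL.js falls back to this authority when auth.authority is not set.
const DEFAULT_AUTHORITY = 'https://login.microsoftonline.com/common';
const CONSUMERS_AUTHORITY = 'https://login.microsoftonline.com/consumers';

// Tenant segment of an authority URL, e.g. "common", "consumers" or a tenant id.
function tenantOf(authority) {
  return new URL(authority).pathname.split('/').filter(Boolean)[0] || '';
}

// Returns a list of problems with an MSAL-style config and the requested scopes.
function checkSignInRequest(config, scopes) {
  const problems = [];
  const list = Array.isArray(scopes) ? scopes.filter(Boolean) : [];
  if (list.length === 0) problems.push('scope is empty');
  const tenant = tenantOf(config.auth.authority || DEFAULT_AUTHORITY);
  if (list.includes('XboxLive.signin') && tenant !== 'consumers') {
    problems.push(
      `XboxLive.signin requested against "${tenant}"; ` +
      `set auth.authority to ${CONSUMERS_AUTHORITY}`);
  }
  return problems;
}

// Builds the v2.0 authorization-code request URL; throws if the check fails.
function buildAuthorizeUrl(config, scopes, state) {
  const problems = checkSignInRequest(config, scopes);
  if (problems.length > 0) throw new Error(problems.join('; '));
  const authority = (config.auth.authority || DEFAULT_AUTHORITY).replace(/\/+$/, '');
  const url = new URL(`${authority}/oauth2/v2.0/authorize`);
  url.search = new URLSearchParams({
    client_id: config.auth.clientId,
    response_type: 'code',
    redirect_uri: config.auth.redirectUri,
    scope: scopes.join(' '), // space-separated, must not be empty
    state,                   // echoed back on the redirect; compare before use
  }).toString();
  return url.toString();
}
```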