You may need to add a scope in this form: [Relying Party Identifier]/openid
resource optional The URL of your web API. Note – If using MSAL client library, the resource parameter isn't sent. Instead, the resource URL is sent as a part of the scope parameter: scope = [resource url]//[scope values, for example, openid]If resource isn't passed here or in scope, AD FS uses a default resource urn:microsoft:userinfo. userinfo resource policies such as MFA, issuance, or authorization policies can't be customized.