Hello, can you please tell me how to fix this error while TF is applying?
The plan works fine, but I get this error during apply:
```
random_uuid.random_id[0]: Creating...
random_uuid.random_id[1]: Creation complete after 0s [id=8b53308a-935b-3b74-5057-e5c04b94cbf0]
random_uuid.random_id[0]: Creation complete after 0s [id=86998cd5-e00b-661c-44b6-2e8f97ba0407]
random_uuid.random_id[2]: Creation complete after 0s [id=45e4b9c3-c222-a40f-bb80-186057ceb1c0]
random_uuid.random_id[3]: Creation complete after 0s [id=4b592527-af67-e5d6-a12e-d090d701acbe]
module.azurerm_app_reg.azuread_application.app-reg: Creating...
╷
│ Error: Could not create application
│
│ with module.azurerm_app_reg.azuread_application.app-reg,
│ on ../App-Registration/Modules/main.tf line 27, in resource "azuread_application" "app-reg":
│ 27: resource "azuread_application" "app-reg" {
│
│ ApplicationsClient.BaseClient.Post(): unexpected status 400 with OData
│ error: Request_BadRequest: Duplicate claim names are not allowed in the
│ same token.
╵
```
This is my module code
```hcl
resource "random_uuid" "random_id" {
  count = 4
}

module "azurerm_app_reg" {
  source = "../App-Registration/Modules"
  #providers = { azuread = azuread, azurerm = azurerm }
  display_name = "GL-Application"
  tags = ["Sample App", "Terraform"]
  client_id = var.client_id
  client_secret = var.client_secret
  owners = [data.azuread_client_config.current.object_id]
  # To set application uri to api//<app_id>, you need to update via script, this is not possible in terraform
  identifier_uris = ["https://gl-application.onmicrosoft.com"]
  prevent_duplicate_names = true

  #use this code for adding scopes
  api = {
    mapped_claims_enabled = false
    requested_access_token_version = 2
    known_client_applications = []
    oauth2_permission_scope = [{
      admin_consent_description = "Role use to secure the api for TestScope_01"
      admin_consent_display_name = "TestScope_01"
      id = element(random_uuid.random_id[*].result, 0)
      type = "User"
      value = "TestScope_01"
    }]
  }

  #use this code for adding app_roles
  app_role = [
    {
      allowed_member_types = ["Application"]
      description = "Giving write permission to the apim proxy as 'Query-01.Read'"
      display_name = "Query-01.Read"
      id = element(random_uuid.random_id[*].result, 1)
      value = "Query-01.Read"
    },
    {
      allowed_member_types = ["Application"]
      description = "Giving write permission to the apim proxy as 'Query-01.Write'"
      display_name = "Query-01.Write"
      id = element(random_uuid.random_id[*].result, 2)
      value = "Query-01.Write"
    }
  ]

  #use this code for adding api permissions
  required_resource_access = [{
    # Microsoft Graph
    resource_app_id = "00000003-0000-0000-c000-000000000000"
    resource_access = [{
      # User.Read
      id = "e1fe6dd8-ba31-4d61-89e7-88639da4683d"
      type = "Scope"
    }]
  }]

  optional_claims = {
    access_token = {
      name = "myclaim"
    }
    access_token = {
      name = "otherclaim"
    }
    id_token = {
      name = "userclaim"
      source = "user"
      essential = true
      additional_properties = ["emit_as_roles"]
    }
  }

  web = {
    redirect_uris = ["https://abc.com/", "https://cde.com/", "https://fgh.com/abc", "https://ijk.com/"]
  }
}
```
From the error it looks like you might have roles or scopes that are already there in Azure AD? Can you please change the "value" of the scope or roles and try again?