Wrong version of access token (got Azure AD V1 instead of V2)
Hello,
Using the MSAL.NET library, I successfully retrieved an access token (from an ASP.NET Core 2.1 website). When I copy/paste it into the https://jwt.ms/ website, it indicates that “This is an Azure AD V1 token.”
Here are the URLs I used:
"Authority": "https://login.microsoftonline.com/[TENANT-ID]/v2.0/",
"Instance": "https://login.microsoftonline.com/[TENANT-ID]/oauth2/v2.0/authorize",
I’m using the Microsoft.Identity.Client 1.1.4-preview0002.
Here is the code that gets the access token:
    public async Task<string> GetAccessTokenAsync(IEnumerable<string> scopes)
    {
        // Per-user token cache, protected with the data protector.
        var userCache = new FileTokenCache(
            this._protector, this._httpContextAccessor.HttpContext.User);

        // Redirect URI: the absolute URI of the current request.
        HttpRequest request = this._httpContextAccessor.HttpContext.Request;
        string currentUri = UriHelper.BuildAbsolute(request.Scheme, request.Host, request.PathBase, request.Path);

        ConfidentialClientApplication daemonClient = new ConfidentialClientApplication(
            this._azureAdSettings.Value.ClientId,
            this._azureAdSettings.Value.Authority,
            currentUri,
            new ClientCredential(this._azureAdSettings.Value.ClientSecret),
            userCache.ToTokenCache(),
            new TokenCache());

        // Served from the cache; First() throws if the cache holds no user,
        // and MSAL throws MsalUiRequiredException when no usable token is cached.
        AuthenticationResult authResult = await daemonClient.AcquireTokenSilentAsync(
            scopes,
            daemonClient.Users.First());

        if (authResult != null)
        {
            return authResult.AccessToken;
        }

        return null;
    }
Why do I get a V1 token instead of the V2 version?
Thanks, Adrien.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:2
- Comments:34 (15 by maintainers)
Top GitHub Comments
@ibigbug: the kind of token you’ll get does not depend on the endpoint, but depends on what the Web API you call is capable of supporting. See the accessTokenAcceptedVersion property of the App manifest (the Web API app manifest).
Yes @ibigbug, your v2.0 Web API can use MSAL.NET AcquireTokenOnBehalfOfAsync to acquire, from the v2.0 token it received, a (v1.0) token for VSTS. This is because Azure AD knows that VSTS accepts only v1.0 tokens, and therefore will provide to MSAL.NET a v1.0 token so that your API can call VSTS.
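An added diagnostic example, not code from the issue or from MSAL.NET: it reads a token's `ver`, `tid` and `iss` claims, as jwt.ms does, and compares them with what the Web API's `accessTokenAcceptedVersion` manifest value implies. The function names are hypothetical, the sample token is constructed and unsigned, and the manifest mapping (null or 1 gives v1.0, 2 gives v2.0) and the issuer formats are stated from Azure AD's documented behaviour rather than from this page.

```python
import base64
import json

# Issuer format Azure AD uses for each access-token version.
ISSUER_FORMATS = {
    "1.0": "https://sts.windows.net/{tid}/",
    "2.0": "https://login.microsoftonline.com/{tid}/v2.0",
}


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the signature (diagnostics only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected 3 dot-separated segments")
    return json.loads(b64url_decode(parts[1]))


def check_token_version(jwt: str, accepted_version) -> dict:
    """accepted_version mirrors the Web API manifest value (None, 1 or 2)."""
    claims = read_claims(jwt)
    expected_ver = "2.0" if accepted_version == 2 else "1.0"
    expected_iss = ISSUER_FORMATS[expected_ver].format(tid=claims.get("tid", ""))
    return {
        "ver": claims.get("ver"),
        "expected_ver": expected_ver,
        "version_matches": claims.get("ver") == expected_ver,
        "expected_iss": expected_iss,
        "issuer_matches": claims.get("iss") == expected_iss,
    }


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned token for the demonstration."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    tid = "00000000-0000-0000-0000-000000000000"  # constructed tenant id
    token = make_sample_token(
        {"ver": "1.0", "tid": tid, "iss": f"https://sts.windows.net/{tid}/"})
    print(check_token_version(token, accepted_version=None))
    print(check_token_version(token, accepted_version=2))
```

A Web API that validates the issuer has to expect the format matching its own manifest setting, whichever endpoint the client used to request the token.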