Access Token generated with version 1.0, is it expected?
Core Library
Core Library Version
2.13.1
Wrapper Library
Wrapper Library Version
2.0.0-beta.3
Description
Access token generated for the resource is in version v1.0.
MSAL Configuration
{
  auth: {
    clientId: "xxx",
    redirectUri: "http://localhost:4200",
    postLogoutRedirectUri: "http://localhost:4200",
    authority: "https://login.microsoftonline.com/<tenant id>/",
  },
  cache: {
    cacheLocation: BrowserCacheLocation.LocalStorage,
    storeAuthStateInCookie: false, // set to true for IE 11
  },
}
Protected Resources:
protectedResourceMap.set("https://graph.microsoft.com/v1.0/me", ["user.read"]);
protectedResourceMap.set("http://localhost:3000/**/*", ["client_id/User.Read"]);
Relevant Code Snippets
No response
Identity Provider
Azure AD / MSA
Source
Internal (Microsoft)
Hello Team,
I have registered a new SPA app in azure portal, with Authorization Code Flow with PKCE and Access tokens (used for implicit flows), ID tokens (used for implicit and hybrid flows) both are unchecked. In API Permission section the default are available:
My authentication is working fine, and when I check the ID Token at https://jwt.io/, I find that it is of version v2.0 ("ver": "2.0").
In my application I am trying to access an API which uses the same client_id as my angular application. Following are my protected resources:
const protectedResourceMap = new Map<string, Array<string>>();
protectedResourceMap.set("https://graph.microsoft.com/v1.0/me", ["user.read"]);
protectedResourceMap.set("http://localhost:3000/**/*", ["a1b5d359-3288-4ae9-b554-93777b7bd2f8/User.Read"]);
This generates the access token, but when I check the token at https://jwt.io/, I find that it is of version v1.0 ("ver": "1.0").
Could you please let me know how I can create an access token of version 2.0 when the application Id used by my angular application and node API are the same?
NOTE: When I use protectedResourceMap.set("http://localhost:3000/**/*", ["User.Read"]);, then I get an Invalid Signature access token. JsonWebTokenError: invalid signature
NOTE2: Even after exposing the API and adding the scope, the application still generates the token in v1.0. Protected resource after scope addition: protectedResourceMap.set("http://localhost:3000/**/*", ["api://a1b5d359-3288-4ae9-b554-93777b7bd2f8/Access.API"]);
Scopes:
Issue Analytics
- Created 2 years ago
- Comments: 9 (9 by maintainers)
Top GitHub Comments
The application registration in Azure AD determines the expected version for the access token. If not specified it defaults to a v1 access token.
This is built this way because you can also have the client application registration in a different tenant (when using some third party api). It would be inconvenient if the client application could determine the token version for the api.
So when calling the graph api, there is an app registration for that with the token version configured.
If you want to switch to v2 tokens check out https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#accesstokenacceptedversion-attribute on how to do that.
The version of the identity token is determined by the endpoint version, so it’s possible to have an ID token with V2 and an access token with V1
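The practical consequence of the answer above is that the API, not the Angular client, owns the token version, and a v1/v2 mismatch shows up on the API side as a wrong `ver` claim and a wrong issuer. The following is an added example (not code from the issue, from MSAL or from Microsoft) of a pre-check a Node API could run on an incoming bearer token to report that mismatch explicitly. It assumes Node.js with `Buffer`, a placeholder tenant id, and a constructed, unsigned sample token; it only inspects claims and must be paired with real signature verification against the tenant's JWKS.

```javascript
// Added example, not from the issue or the MSAL project.
// Claims-only pre-check for the v1 vs v2 access-token question: the API's
// app-registration manifest decides the accepted version, and each version
// has its own issuer format. Signature verification is NOT done here.

// Constructed excerpts of an API app-registration manifest.
// accessTokenAcceptedVersion null (or 1) => v1 access tokens, 2 => v2 tokens.
const apiManifestV1 = { accessTokenAcceptedVersion: null };
const apiManifestV2 = { accessTokenAcceptedVersion: 2 };

// Token version and issuer format the API should expect for its manifest.
function expectedProfile(manifest, tenantId) {
  const wantsV2 = manifest.accessTokenAcceptedVersion === 2;
  return wantsV2
    ? { ver: "2.0", iss: `https://login.microsoftonline.com/${tenantId}/v2.0` }
    : { ver: "1.0", iss: `https://sts.windows.net/${tenantId}/` };
}

function base64UrlDecode(s) {
  const pad = s.length % 4 === 0 ? "" : "=".repeat(4 - (s.length % 4));
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/") + pad;
  return Buffer.from(b64, "base64").toString("utf8");
}

function base64UrlEncode(obj) {
  return Buffer.from(JSON.stringify(obj))
    .toString("base64")
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "");
}

// Decode the payload of a compact JWS without validating it.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Compare the token's ver/iss claims with what the API manifest implies.
// Returns { ok, ver, problems } so the caller can log a precise reason
// instead of a generic "invalid signature" / "invalid issuer".
function checkTokenVersion(token, manifest, tenantId) {
  const want = expectedProfile(manifest, tenantId);
  const claims = decodeJwtPayload(token);
  const problems = [];
  if (claims.ver !== want.ver) {
    problems.push(`ver is ${claims.ver}, API manifest accepts ${want.ver}`);
  }
  if (claims.iss !== want.iss) {
    problems.push(`iss is ${claims.iss}, expected ${want.iss}`);
  }
  return { ok: problems.length === 0, ver: claims.ver, problems };
}

// Build a constructed, unsigned sample token (placeholder signature segment).
function sampleToken(claims) {
  const header = base64UrlEncode({ alg: "RS256", typ: "JWT" });
  return `${header}.${base64UrlEncode(claims)}.placeholder-signature`;
}

const TENANT = "00000000-0000-0000-0000-000000000000"; // placeholder tenant id
const v1Token = sampleToken({
  ver: "1.0",
  iss: `https://sts.windows.net/${TENANT}/`,
  aud: "api://placeholder-client-id", // placeholder App ID URI
});

// With the default manifest the v1 token is what the API expects; against a
// manifest set to version 2 the same token fails on both ver and iss.
console.log(checkTokenVersion(v1Token, apiManifestV1, TENANT));
console.log(checkTokenVersion(v1Token, apiManifestV2, TENANT));
```

Flipping `accessTokenAcceptedVersion` to 2 on the API registration (the manifest attribute linked in the comment above) is what changes the token Azure AD issues; the client's `protectedResourceMap` scopes do not. A check like this only explains the mismatch; the API still has to verify the signature against the JWKS of the matching endpoint version before trusting any claim.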
Thanks @svrooij! @vinusorout please let me know if you need anything else. Also do you guys think you will benefit from adding this detail in the docs in this repo?