Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Get a V1 token using MSAL.js

See original GitHub issue

I’m submitting a…


[ ] Regression (a behavior that used to work and stopped working in a new release)
[ ] Bug report  
[ ] Performance issue
[ ] Feature request
[ ] Documentation issue or request
[X] Other... Please describe: General Help

Library version

"@azure/msal-angular": "^0.1.2"

Current behavior

I end up getting a V2 token for an app that requires a V1 token

Expected behavior

I would be able to get a V1 token

Minimal reproduction of the problem with instructions

I have setup an angular project like so:

@NgModule({
	declarations: [AppComponent],
	imports: [
		...,
		MsalModule.forRoot({
			clientID: "{applicationGuid}",
			authority: "https://login.microsoftonline.com/{tenantGuid}/",
		}),
	]
})

Where the application Id is that of Azure Blockchain Workbench product. I have added my applications URLs to the list of Reply URLs for the ADD Application and I am able to get a Bearer token as expected. When I go to use this token with the Blockchain API I get a 401 unauthorized. The only meaningful difference I can see between the tokens is the issuer url and the version

v1 token: https://sts.windows.net/2c72df40-3a20-41cd-a628-424afba070a5/ v2 token: https://login.microsoftonline.com/2c72df40-3a20-41cd-a628-424afba070a5/v2.0

I have a Swagger UI setup that will correctly generate an access token using the same authority and client id which leads me to believe it is the token version that is the issue.

What can I do to fix this?

I have tried setting the consentScope to ["{applicationGuid}/.default"] but then I end up with a v1 token for Microsoft Graph.

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:9 (4 by maintainers)

Top GitHub Comments

1reaction

jberlyncommented, May 28, 2020

@jasonnutter I’m sorry but this doesn’t solve the original issue.

The question I believe relates to whether it’s possible to get an AAD v1 token using MSAL, not the access tokens.

If you take a look at the sample tokens in this documentation (https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens), you can see that the issuer URL is different. The original poster @Meberem also pointed this out.

I have done as instructed in your document and adjusted the accessTokenAcceptedVersion, but I’m still receiving a v1 ID token when using MSAL.

0reactions

jasonnuttercommented, Jun 2, 2020

@jberlyn By “token” do you mean ID tokens?

Also, see this answer: https://github.com/AzureAD/microsoft-authentication-library-for-js/issues/560#issuecomment-620133340