Getting Token issued by V1 instead of V2
Core Library
MSAL.js v2 (@azure/msal-browser)
Core Library Version
2.21.0
Wrapper Library
MSAL React (@azure/msal-react)
Wrapper Library Version
1.2.0
Description
When using MSAL to get a token, I receive a token with the V1 issue claim (sts.***). My backend service expects V2 issue though and reports this as unknown issuer and therefore answers with 401. Any way I can influence this to make it work?
Error Message
No response
Msal Logs
No response
MSAL Configuration
{
  auth: {
    clientId: '6b45900f-fee7-41c4-851e-00785a2c8b32',
    authority: 'https://login.microsoftonline.com/0b8f51e5-134a-4768-b108-caa12f30ffc1/'
  }
}
Relevant Code Snippets
var expiry = localStorage.getItem(auth_access_token_expiry_name);
if (expiry && expiry > new Date()) {
  // we have a valid token
  console.log("Valid token.");
  return Promise.resolve();
}
console.log("No token in storage");
// check if it is a callback
const location = window.location.href;
console.log("Location", location);
const url = new URL(location);
const hash = url.hash;
if (hash && hash.startsWith("#/code=")) {
  console.log("Got #/code hash.");
  const test = await msalInstance.handleRedirectPromise(hash);
  console.log("HIER", test);
}
// check if we have accounts
const accounts = msalInstance.getAllAccounts();
if (!accounts || accounts.length === 0) {
  // no logged in accounts
  return Promise.reject();
}
Reproduction Steps
See code above.
Expected Behavior
Token with V2 issuer.
Identity Provider
Azure AD / MSA
Browsers Affected (Select all that apply)
Chrome, Firefox
Regression
No response
Source
External (Customer)
Issue Analytics
- State:
- Created 2 years ago
- Comments:13 (7 by maintainers)
Top GitHub Comments
@ihrigb It is up to you if you want them to be separate registrations, but the scope itself should be registered under “Expose an API” for the app registration for the resource.
@ihrigb That means the token is for the Microsoft Graph, not your API. To get a token for your API, invoke acquireTokenSilent and only pass the scopes for your API.
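A diagnostic for the situation discussed in this thread, added here as an example (not code from the issue or from MSAL): it decodes an access token's `iss`, `aud` and `ver` claims to show which resource and endpoint version the token was issued for. The function names and the placeholder tenant and API identifiers are assumptions; the payload is decoded without signature verification, so the result is for troubleshooting only, never for authorizing a request.

```javascript
// Added troubleshooting example. Decodes claims only; does NOT verify the signature.

// Audience values that identify Microsoft Graph as the token's resource.
const GRAPH_AUDIENCES = [
  "00000003-0000-0000-c000-000000000000",
  "https://graph.microsoft.com",
];

function base64UrlToString(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  return typeof Buffer !== "undefined"
    ? Buffer.from(b64, "base64").toString("utf8") // Node.js
    : atob(b64);                                   // browser
}

function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  return JSON.parse(base64UrlToString(parts[1]));
}

// expectedAudience: client ID or Application ID URI of your own API (caller-supplied).
function diagnoseAccessToken(jwt, expectedAudience) {
  const claims = decodeClaims(jwt);
  const iss = String(claims.iss || "");
  const aud = String(claims.aud || "");
  // v1 issuer: https://sts.windows.net/{tenant}/
  // v2 issuer: https://login.microsoftonline.com/{tenant}/v2.0
  const issuerVersion = iss.startsWith("https://sts.windows.net/") ? "v1"
    : /^https:\/\/login\.microsoftonline\.com\/[^/]+\/v2\.0$/.test(iss) ? "v2"
    : "unknown";
  return {
    ver: String(claims.ver || ""),
    issuerVersion,
    aud,
    forGraph: GRAPH_AUDIENCES.includes(aud.replace(/\/$/, "")),
    forMyApi: aud === expectedAudience,
  };
}

// Builds a constructed sample token (fake signature) so the check runs offline in Node.js.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
```

If `forGraph` is true, the request did not ask for the API's own scope, which is the case the maintainer's comment describes.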