Getting Token issued by V1 instead of V2

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

2.21.0

Wrapper Library

MSAL React (@azure/msal-react)

Wrapper Library Version

1.2.0

Description

When using MSAL to get a token, I receive a token with the V1 issuer claim (sts.***). My backend service expects the V2 issuer, though, and reports this as an unknown issuer and therefore answers with 401. Any way I can influence this to make it work?

Error Message

No response

Msal Logs

No response

MSAL Configuration

{
    auth: {
        clientId: '6b45900f-fee7-41c4-851e-00785a2c8b32',
        authority: 'https://login.microsoftonline.com/0b8f51e5-134a-4768-b108-caa12f30ffc1/'
    }
}

Relevant Code Snippets

// Excerpt from the body of an async function.
// localStorage returns a string, so this check only works if the expiry
// was stored as a numeric timestamp in milliseconds.
var expiry = localStorage.getItem(auth_access_token_expiry_name);
if (expiry && Number(expiry) > Date.now()) {
    // we have a valid token
    console.log("Valid token.");
    return Promise.resolve();
}

console.log("No token in storage");

// check if it is a callback
const location = window.location.href;
console.log("Location", location);
const url = new URL(location);
const hash = url.hash;
if (hash && hash.startsWith("#/code=")) {
    console.log("Got #/code hash.");
    // let MSAL process the redirect response carried in the hash
    const test = await msalInstance.handleRedirectPromise(hash);
    console.log("HIER", test);
}

// check if we have accounts
const accounts = msalInstance.getAllAccounts();
if (!accounts || accounts.length === 0) {
    // no logged in accounts
    return Promise.reject();
}

Reproduction Steps

See code above.

Expected Behavior

Token with V2 issuer.

Identity Provider

Azure AD / MSA

Browsers Affected (Select all that apply)

Chrome, Firefox

Regression

No response

Source

External (Customer)

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments: 13 (7 by maintainers)

Top GitHub Comments

jasonnutter commented, Feb 4, 2022 (1 reaction)

@ihrigb It is up to you if you want them to be separate registrations, but the scope itself should be registered under “Expose an API” for the app registration for the resource.

jasonnutter commented, Jan 31, 2022 (1 reaction)

@ihrigb That means the token is for the Microsoft Graph, not your API. To get a token for your API, invoke acquireTokenSilent and only pass the scopes for your API.
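The diagnosis in the comment above can be checked by reading the `aud`, `iss` and `ver` claims of the access token before sending it to the backend; the following is an added example, not code from the issue thread or from MSAL. The names `describeAccessToken` and `getApiToken`, the placeholder tenant and API IDs, and the sample tokens are assumptions constructed for illustration; v1 tokens carry an `https://sts.windows.net/<tenant>/` issuer and v2 tokens an `https://login.microsoftonline.com/<tenant>/v2.0` issuer.

```javascript
// Diagnostic only: claims are decoded WITHOUT verifying the signature, so
// this must never be used to make an authorization decision.
const GRAPH_AUDIENCES = new Set([
  "00000003-0000-0000-c000-000000000000", // Microsoft Graph application ID
  "https://graph.microsoft.com",
]);

function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/"); // base64url -> base64
  const bytes = Uint8Array.from(atob(b64), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

// expectedAudience: the aud value your backend accepts (hypothetical parameter).
function describeAccessToken(jwt, expectedAudience) {
  const { iss, aud, ver } = decodeClaims(jwt);
  const problems = [];
  if (GRAPH_AUDIENCES.has(aud)) problems.push("token is for Microsoft Graph, not your API");
  else if (aud !== expectedAudience) problems.push(`unexpected audience ${aud}`);
  if (ver !== "2.0") problems.push(`token version is ${ver}, issuer ${iss}`);
  return { iss, aud, ver, problems };
}

// Request a token with ONLY the API's scopes, then refuse to use it if the
// claims show it was issued for another resource or token version.
async function getApiToken(msalInstance, account, apiScopes, expectedAudience) {
  const result = await msalInstance.acquireTokenSilent({ scopes: apiScopes, account });
  const report = describeAccessToken(result.accessToken, expectedAudience);
  if (report.problems.length) throw new Error(report.problems.join("; "));
  return result.accessToken;
}

// Constructed, unsigned sample tokens with placeholder tenant and API IDs.
function fakeJwt(claims) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
const TENANT = "00000000-0000-0000-0000-000000000000";
const API_ID = "11111111-1111-1111-1111-111111111111";
const graphV1Token = fakeJwt({ iss: `https://sts.windows.net/${TENANT}/`,
  aud: "00000003-0000-0000-c000-000000000000", ver: "1.0" });
const apiV2Token = fakeJwt({ iss: `https://login.microsoftonline.com/${TENANT}/v2.0`,
  aud: API_ID, ver: "2.0" });
```

The backend must still validate signature, issuer and audience itself; this client-side check only shows early which resource a token was issued for.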
