AADV2TokenProvider only works for special case of MS Graph Tokens
- REST Client Version: 0.24.3
- VSCode Version: 1.50.1
- OS Version: Win 10 2004
Steps to Reproduce:
- Make an HTTP request using `$aadV2Token` with the full scope format:

```http
GET https://graph.microsoft.com/v1.0/me
Authorization: {{$aadV2Token new scopes:https://graph.microsoft.com/User.Read}}
```

- AuthParameters regex fails to parse scopes, and the request fails:

```text
Auth call failed. AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope 'https openid profile' does not exist.
Trace ID: 983bf6d2-935e-473d-908b-1852c4d74d00
Correlation ID: eb41592f-31cd-4da2-8d40-468761cdb892
Timestamp: 2020-10-18 18:03:45Z
```
#649 is a tremendous contribution by @darrelmiller, and I was really excited to see this in place!
However, the Regex used to parse the token declaration (https://github.com/Huachao/vscode-restclient/blob/f377477ad5802da7575d77047a12d3eba633d22f/src/utils/aadV2TokenProvider.ts#L146), only works for the special case of MS Graph scopes (using a shortened format), and fails when using the generic scope format supported by the MS Identity endpoint. That limits the use of this token provider unnecessarily.
In order to provide a comprehensive migration path from the v1.0 legacy endpoint to the new Microsoft Identity (v2.0) endpoint, the non-standard resource parameter from AAD V1 has been ported over into V2 scopes, see here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes
Any scopes declared are composed of the Resource URI followed by the Application-specific scope name. Hence, MS Graph scopes on the V2 endpoint look like this: `https://graph.microsoft.com/User.Read`, and a valid Power BI API scope would look like this: `https://analysis.windows.net/powerbi/api/Tenant.Read.All`, for example.
It just happens to be the case that for MS Graph specifically the “https://graph.microsoft.com/” resource uri can be omitted, i.e. “User.Read” is sufficient in the above example.
Not supporting the generic case excludes all other Azure resources from being usable here.
Please adjust the regex accordingly.
@mthierba @despian @darrelmiller @abdulkareemnalband @pschaeflein @drub0y @dracan This has been fixed in the latest version, 0.24.6, thanks to @abdulkareemnalband's contribution.
When calling custom APIs that are protected by Azure AD, and if using the default values provided in the Azure Portal, you end up with a scope similar to `api://<guid>/scope.name`. (Or, if following some of the ASP.NET samples, `api://<guid>/scope_name`.) In this scenario, `\S` is a better alternative than `\w`.
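The `\w`-versus-`\S` difference discussed in this thread, shown as an added illustration rather than the extension's own code: the two regexes below are hypothetical stand-ins for the pattern in `aadV2TokenProvider.ts` (not copied from it), and the sample declarations are constructed to mirror the Graph, Power BI and `api://<guid>/...` forms mentioned above. It also covers the shortened Graph form from the original report, so both the issue body and the `\S` comment are served by one block.

```typescript
// Added illustration (not vscode-restclient's source): parse the `scopes:`
// part of a `{{$aadV2Token ...}}` declaration with two hypothetical regexes,
// one built on `\w` and one on `\S`, to show why resource-qualified v2 scopes
// need the latter.

interface ParsedScopes {
  raw: string;       // the text captured after `scopes:`
  scopes: string[];  // that text split on commas
}

// Hypothetical stand-ins for the extension's pattern, not copied from it.
// `\w` is [A-Za-z0-9_]; even with `.` and `,` added it cannot cross ':' or '/'.
const SCOPES_WORD = /scopes:([\w.,]+)/;
// `\S` is any non-whitespace character, so a full resource URI is captured.
const SCOPES_NONSPACE = /scopes:(\S+)/;

function parseScopes(declaration: string, pattern: RegExp): ParsedScopes | null {
  const match = pattern.exec(declaration);
  if (match === null) return null;
  const raw = match[1];
  return { raw, scopes: raw.split(',').filter((s) => s.length > 0) };
}

function parseScopesWord(declaration: string): ParsedScopes | null {
  return parseScopes(declaration, SCOPES_WORD);
}

function parseScopesNonSpace(declaration: string): ParsedScopes | null {
  return parseScopes(declaration, SCOPES_NONSPACE);
}

// A scope is resource-qualified when it carries a resource URI before the
// permission name (https://host/.../Name or api://<id>/name); a bare Graph
// scope such as User.Read is the shortened form the issue describes.
function isResourceQualified(scope: string): boolean {
  return /^(?:https?|api):\/\/[^\s/]+(?:\/[^\s/]+)*\/[^\s/]+$/.test(scope);
}

// Constructed sample declarations, mirroring the forms discussed above.
const SAMPLES: string[] = [
  '$aadV2Token new scopes:User.Read',
  '$aadV2Token new scopes:https://graph.microsoft.com/User.Read',
  '$aadV2Token scopes:https://analysis.windows.net/powerbi/api/Tenant.Read.All',
  '$aadV2Token scopes:api://00000000-0000-0000-0000-000000000000/scope.name,' +
    'api://00000000-0000-0000-0000-000000000000/scope_name',
];

// Side-by-side result for one declaration: what each regex would hand to the
// token endpoint as the scope string.
function compareCapture(declaration: string): { word: string | null; nonSpace: string | null } {
  return {
    word: parseScopesWord(declaration)?.raw ?? null,
    nonSpace: parseScopesNonSpace(declaration)?.raw ?? null,
  };
}

for (const d of SAMPLES) {
  const result = compareCapture(d);
  console.log(d);
  console.log('  \\w capture:', result.word);
  console.log('  \\S capture:', result.nonSpace);
}
```

With the `\w` pattern the second sample yields only `https`, which is exactly the fragment the AADSTS70011 message above complains about (with the default `openid profile` appended); the `\S` pattern keeps the whole URI, and the comma-separated `api://` pair splits into two scopes.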