1
votes

Last year, I developed a series of multi-tier applications that used Azure App Service Authentication/Authorization (EasyAuth) with Azure AD. I had two Client UI apps and four APIs.

I was able to set the "Action to take when request is not authenticated" to "Log in with Azure Active Directory" for ALL of the apps. Client UIs and Resource APIs.

Client apps would use ADAL (server side) to acquire access tokens for APIs with both Service Principal and "On Behalf of" flow.

The Problem:

I am now working on a new set of applications and attempting to perform the same actions in the same way, and I cannot get it to work.

I can acquire the bearer token with no problem. Even custom AppRoles appear in the claims. The tokens appear to be valid, but they can't get through EasyAuth if I have it set to "Log in with Azure Active Directory".

I also noticed that the access_token returned from a call to /.auth/me is encrypted. This was NOT happening just a few months ago.

To make matters worse, the old apps still function, but the App Registrations are not accessible in the portal, and I cannot inspect the Manifests.

Did something change recently? Is it still possible to hit an EasyAuth endpoint with a bearer token?

1

1 Answer

0
votes

It turns out that in order for this to work now, you must adjust the EasyAuth configuration on the resource API to Advanced and add an entry to the Allowed Token Audiences setting that does not include "/.auth/login/aad/callback".
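To make the audience problem the answer describes concrete, here is an added example (not code from the question, the answer, or Azure itself) that reproduces the one check that matters here: whether the `aud` claim of an incoming bearer token appears in the API's configured Allowed Token Audiences list. The token is constructed inline with a placeholder application ID and a dummy signature, and the code deliberately does not verify the signature, so it is an illustration of the audience comparison only, not a replacement for the platform's full token validation. The audience strings and the `https://contoso-api.azurewebsites.net` host are assumptions for the sake of the example.

```python
import base64
import json
from typing import Iterable, List, Union

# Placeholder application (client) ID for the resource API; not a real value.
API_APP_ID = "00000000-0000-0000-0000-000000000000"

# What EasyAuth generates by default for an app: the login callback URL.
# A bearer token minted for the API does not carry this as its audience.
DEFAULT_AUDIENCES = ["https://contoso-api.azurewebsites.net/.auth/login/aad/callback"]

# The corrected list from the answer: an entry that is NOT the callback URL,
# matching what ADAL/MSAL actually puts in the token's aud claim.
FIXED_AUDIENCES = DEFAULT_AUDIENCES + [f"api://{API_APP_ID}", API_APP_ID]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_unsigned_demo_token(aud: Union[str, List[str]]) -> str:
    """Build a JWT-shaped string with a dummy signature (constructed test data)."""
    header = {"alg": "none", "typ": "JWT"}
    payload = {"aud": aud, "iss": "https://login.microsoftonline.com/tenant-id/v2.0",
               "roles": ["Reader"]}
    return ".".join([
        _b64url(json.dumps(header, separators=(",", ":")).encode()),
        _b64url(json.dumps(payload, separators=(",", ":")).encode()),
        _b64url(b"dummy-signature"),
    ])


def token_audiences(token: str) -> List[str]:
    """Extract the aud claim (string or list) from the JWT payload. No signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = json.loads(_b64url_decode(parts[1]))
    aud = payload.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def audience_allowed(token: str, allowed: Iterable[str]) -> bool:
    """True if at least one aud value of the token is in the allowed list."""
    allowed_set = set(allowed)
    return any(a in allowed_set for a in token_audiences(token))


if __name__ == "__main__":
    token = make_unsigned_demo_token(f"api://{API_APP_ID}")
    print("default config accepts API token:", audience_allowed(token, DEFAULT_AUDIENCES))
    print("fixed config accepts API token:  ", audience_allowed(token, FIXED_AUDIENCES))
```

Running the block shows the same token being rejected under the default (callback-only) audience list and accepted once an audience matching the token's `aud` claim is added, which is the configuration change the answer points to. When diagnosing a 401 from EasyAuth, decoding the payload this way and comparing `aud` with the Allowed Token Audiences on the resource API is the first thing to check.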