The SPA app signs in to Azure AD and gets the access token for api://<api app id>/access_as_user. However, no roles are in the access token.
```javascript
created() {
  //this.$msal.signOut();
  if (!this.$msal.isAuthenticated()) {
    this.$msal.signIn();
  } else {
    console.log(this.$msal);
    // get access token to webapi
    this.$msal
      .acquireToken({ scopes: ["api://58ca819e-/access_as_user"] })
      .then((res) => {
        console.log(res);
        auth.accessToken = res;
      })
      .catch((err) => console.error(err));
  }
},
```
Any idea please?
My configuration:
The Azure AD user has been assigned to the role admin in the API app:

SPA client (Vue): configured for the Azure AD client app

```javascript
Vue.use(msal, {
  auth: {
    clientId: 'be7e77ba-',
    tenantId: '3a0cf09b-',
    redirectUri: appInfo.redirectUri,
    autoRefreshToken: true,
  },
  cache: {
    cacheLocation: 'localStorage',
  },
});
```
ASP.NET Core WebAPI: configured for the Azure AD API app

```json
"AzureAd": {
  "Instance": "https://login.microsoftonline.com/",
  "ClientId": "58ca819e-",
  "TenantId": "3a0cf09b-"
},
```

Azure AD client app: has a permission to the API app, api://<api app id>/access_as_user

Azure AD API app: has scope api://<api app id>/access_as_user, app role admin, token configuration to include groups as roles.
Token Configuration:
App roles:
Expose an API:

admin app role? And if you decode the access token in jwt.io, does it contain the correct scp claim? – Allen Wu

scp: access_as_user, which allows me to access the web API, but no roles appear. – beewest
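
The check discussed in the comments above (decode the access token and see which of `aud`, `scp` and `roles` it carries) can be done locally instead of pasting a live token into a website. This is an added example, not code from the thread; the function names, the placeholder app ID and the sample tokens are constructed for illustration, and Node.js (`Buffer`) is assumed.

```javascript
// Added example: list the authorization claims of an Azure AD access token locally.
// Decoding does NOT verify the signature; the API must still validate the token.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  // base64url -> base64, then restore the padding that JWTs strip
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return JSON.parse(Buffer.from(padded, "base64").toString("utf8"));
}

// expectedAudiences: values the API accepts as `aud` (assumption: supplied by the caller)
function summarizeAuthzClaims(token, expectedAudiences) {
  const c = decodeJwtPayload(token);
  return {
    aud: c.aud,
    audienceMatches: expectedAudiences.includes(c.aud),
    scopes: typeof c.scp === "string" ? c.scp.split(" ").filter(Boolean) : [],
    roles: Array.isArray(c.roles) ? c.roles : [],
    groups: Array.isArray(c.groups) ? c.groups : [],
    // Azure AD sets one of these instead of `groups` when the list is too long to embed
    groupsOverage: c.hasgroups === true || Boolean(c._claim_names && c._claim_names.groups),
  };
}

// Constructed sample tokens: placeholder app ID, fake signature.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(claims), "constructed-signature"].join(".");
}

const SAMPLE_AUD = "api://00000000-0000-0000-0000-000000000000"; // placeholder
const scopeOnly = makeSampleToken({ aud: SAMPLE_AUD, scp: "access_as_user" });
const withRole = makeSampleToken({ aud: SAMPLE_AUD, scp: "access_as_user", roles: ["admin"] });

for (const [label, tok] of [["scope only", scopeOnly], ["with role", withRole]]) {
  console.log(label, summarizeAuthzClaims(tok, [SAMPLE_AUD]));
}
```

An empty `roles` array alongside a populated `scopes` array is the situation described in the question: the delegated scope is present, the app role is not.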