Reputation: 12988
I have a desktop app which uses ADAL for authentication; this app makes requests to an API on the API Management Azure service. After migrating the code to use MSAL, the API Management returns 401 saying that my token is invalid. The only difference that I see when spying on the requests is that ADAL makes a request to the endpoint /tenantID/oauth2/token and MSAL to /tenantID/oauth2/v2.0/token.
In my API Management I have this policy:
<validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid. AAD" require-expiration-time="false">
    <openid-config url="https://login.microsoftonline.com/tenantID/.well-known/openid-configuration" />
</validate-jwt>
I tried to change the well known url to v2.0 endpoint but get the same error. How can I validate the token using MSAL?
Upvotes: 0
Views: 1412
Reputation: 42143
From the Note in the doc, when changing the well known url to v2.0, you may need to use common instead of tenantID.
<openid-config url="https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration" />
Also, make sure you have done the step 10 in this link correctly:
If you use v2 endpoints, use the scope you created for the backend-app in the Default scope field. Also, make sure to set the value for the accessTokenAcceptedVersion property to 2 in your application manifest.
Upvotes: 1
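The 401 in the question comes down to the token's version not matching the metadata document the validate-jwt policy loads. The following diagnostic is an added example (not from the question or the answer): it decodes the ver, tid and iss claims of an access token, checks that the issuer has the form Azure AD uses for that version, and derives the tenant-specific openid-config URL the policy would need. The sample token is constructed locally with an empty signature purely as input; no signature verification is done here, that remains the policy's job.

```python
import base64
import json

# Issuer formats Azure AD uses for v1.0 and v2.0 access tokens.
V1_ISSUER = "https://sts.windows.net/{tenant}/"
V2_ISSUER = "https://login.microsoftonline.com/{tenant}/v2.0"


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_claims(token: str) -> dict:
    # Payload only, no signature check: a diagnostic aid, not a validator.
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))


def issuer_matches_version(claims: dict) -> bool:
    # A v2.0 token (ver == "2.0", issued when accessTokenAcceptedVersion is 2)
    # carries a login.microsoftonline.com/.../v2.0 issuer; v1.0 uses sts.windows.net.
    tenant = claims["tid"]
    template = V2_ISSUER if claims.get("ver") == "2.0" else V1_ISSUER
    return claims.get("iss") == template.format(tenant=tenant)


def expected_openid_config(claims: dict) -> str:
    # Tenant-specific metadata URL whose issuer and signing keys fit this token.
    tenant = claims["tid"]
    if claims.get("ver") == "2.0":
        return f"https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration"
    return f"https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration"


def diagnose(token: str, policy_openid_url: str) -> str:
    claims = decode_claims(token)
    if not issuer_matches_version(claims):
        return f"inconsistent: ver={claims.get('ver')} but iss={claims.get('iss')}"
    expected = expected_openid_config(claims)
    if policy_openid_url == expected:
        return "ok"
    return f"mismatch: token ver={claims.get('ver')}; policy should use {expected}"


def make_unsigned_token(claims: dict) -> str:
    # Constructed sample token with alg=none and an empty signature, for local tests only.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."
```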