Reputation: 23
I have to call an API hosted (not by me) on an app on AAD. I can get the bearer access JWT token via the C# library IdentityModel, and if I parse it I can see all claims in place (meaning the "Claims" property in the "JwtSecurityToken" object).
Then I try to call the API passing the bearer and I get a 401 Unauthorized - EC001 claims missing.
I can't get why that is, can't find any doc about it and I can't understand whether it's my fault or might be due to the app config on AAD.
Could someone help me with this? Thank you
Upvotes: 0
Views: 237
Reputation: 3137
The error might be occurring because of the App configuration on Azure Active Directory.
The API might require some claims which might be missing in your JWT token.
For example,
• roles and wids claims to validate that the user themselves has authorization to call the API
• aud claim to ensure that the user intended to call your application
• scp claim to validate that the user has granted the calling app permission to call your API
• appid claim to ensure that the calling client is allowed to call the API
Please refer to the document below for more information:
https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens
Upvotes: 1
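A standalone diagnostic for the claim checks listed in the answer, written in Python rather than the C# of the question, as an added example that is not part of the original answer or of any Microsoft library. The audience, scope and client ids are placeholders, and the token is constructed locally and unsigned, not issued by AAD:

```python
import base64
import json


def decode_jwt_payload(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT checking the signature.
    Fine for a local 'which claims are in here' diagnosis; never use it to make
    an authorization decision, because an unverified payload can say anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def missing_api_claims(claims: dict, expected_aud: str, required_scopes=(),
                       required_roles=(), allowed_appids=None) -> list:
    """List the claim checks an AAD-protected API would fail for this token."""
    problems = []
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if expected_aud not in auds:
        problems.append(f"aud: expected {expected_aud!r}, got {aud!r}")
    scopes = set(claims.get("scp", "").split())  # scp is a space-delimited string
    for scope in required_scopes:
        if scope not in scopes:
            problems.append(f"scp: missing {scope!r}")
    roles = set(claims.get("roles", []))  # roles is a JSON array
    for role in required_roles:
        if role not in roles:
            problems.append(f"roles: missing {role!r}")
    # v1.0 tokens carry the caller's client id in 'appid', v2.0 tokens in 'azp'
    appid = claims.get("appid", claims.get("azp"))
    if allowed_appids is not None and appid not in allowed_appids:
        problems.append(f"appid: {appid!r} is not an allowed caller")
    return problems


def make_unsigned_token(payload: dict) -> str:
    """Constructed, unsigned demo token (NOT issued by AAD) so the script runs offline."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return b64({"alg": "none", "typ": "JWT"}) + "." + b64(payload) + "."


# Constructed sample: right audience and caller, but only one of the two scopes the API wants
SAMPLE_TOKEN = make_unsigned_token({
    "aud": "api://EXAMPLE-API-APP-ID",  # placeholder, not a real application id
    "iss": "https://sts.windows.net/EXAMPLE-TENANT-ID/",
    "scp": "Files.Read",
    "appid": "EXAMPLE-CLIENT-APP-ID",
})

if __name__ == "__main__":
    claims = decode_jwt_payload(SAMPLE_TOKEN)
    for p in missing_api_claims(claims, "api://EXAMPLE-API-APP-ID",
                                required_scopes=("Files.Read", "Orders.Write"),
                                allowed_appids={"EXAMPLE-CLIENT-APP-ID"}):
        print(p)  # -> scp: missing 'Orders.Write'
```

Run it against a real token by replacing SAMPLE_TOKEN with the bearer string from IdentityModel and the expected values with the API's own app registration settings; whatever it lists is what the API owner needs to expose or grant.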