I am trying to connect my internal REST web API to a Microsoft App Proxy. The App Proxy uses MSAL with OAuth2 against Active Directory, all configured inside the Azure Management Console. There are options to use MSAL with Java, JavaScript and C#, but since I am trying to connect from within an Apex class inside Salesforce, I have no MSAL library inside SF, so I use direct REST calls. I could already create a token (see code below), but when I pass the token it says that I have no permission.
headersauth = {'Content-Type': 'application/x-www-form-urlencoded'}
uriauth = "https://login.microsoftonline.com/" + TenantID + "/oauth2/v2.0/token"
bodyauth = {'grant_type': "client_credentials",
            "client_id": ClientId,
            "client_secret": ClientSecret,
            "scope": "openid api://" + ClientId + "/.default",
            "response_type": "code"
            }
I think the problem is with the scope, but I am not sure. Perhaps MSAL cannot be used with a client secret? Can someone shed some light on this?
No, we can use MSAL with a client secret.
You need to expose the scope as an API, which involves the steps below.
Please follow the MS documentation, which can help.
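Added example (not code from either poster): two checks a practitioner would run when a client-credentials token is issued but the App Proxy still answers "no permission". The first builds the v2.0 token request the way the client-credentials grant expects it, with a single `<resource>/.default` scope naming the App Proxy application's Application ID URI rather than the caller's own client id and without `openid`. The second decodes the returned JWT payload (inspection only, no signature verification) and reports why the resource would reject it: wrong `aud`, expired, missing app role, or a delegated-scope token where an app-only one is needed. All tenant, client and resource identifiers are placeholders, and the sample token is constructed in the script; it is not a real Azure AD token.

```python
import base64
import json
import time
from typing import Any, Dict, List, Optional, Tuple

# Placeholder endpoint pattern; the tenant id is filled in by the caller.
TOKEN_ENDPOINT = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def build_token_request(tenant_id: str, client_id: str, client_secret: str,
                        resource_app_id_uri: str) -> Tuple[str, Dict[str, str]]:
    """Build the v2.0 client-credentials POST body.

    For client_credentials the scope must be exactly '<resource>/.default',
    where <resource> is the Application ID URI (e.g. api://<proxy-app-id>)
    of the API being called, not the calling app's own id, and with no extra
    scopes such as 'openid' or a 'response_type' parameter.
    """
    url = TOKEN_ENDPOINT.format(tenant=tenant_id)
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": resource_app_id_uri.rstrip("/") + "/.default",
    }
    return url, body


def _b64url_decode(part: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    part += "=" * (-len(part) % 4)
    return base64.urlsafe_b64decode(part)


def decode_jwt_claims(token: str) -> Dict[str, Any]:
    """Decode the payload segment of a compact JWT for inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    return json.loads(_b64url_decode(parts[1]))


def diagnose_access_token(token: str, expected_aud: str,
                          required_role: Optional[str] = None,
                          now: Optional[float] = None) -> List[str]:
    """Return the reasons the resource would reject this token (empty = looks fine)."""
    problems: List[str] = []
    claims = decode_jwt_claims(token)
    aud = claims.get("aud")
    if aud != expected_aud:
        problems.append(f"aud is {aud!r}, expected {expected_aud!r}")
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if exp is None or exp <= now:
        problems.append("token is expired or has no exp claim")
    roles = claims.get("roles", [])
    if required_role is not None and required_role not in roles:
        problems.append(f"app role {required_role!r} missing (roles present: {roles})")
    if "scp" in claims:
        problems.append("token carries delegated scopes (scp); app-only calls need roles")
    return problems


def make_unsigned_jwt(claims: Dict[str, Any]) -> str:
    """Constructed sample token for offline demonstration; not a real AAD token."""
    def enc(obj: Dict[str, Any]) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.signature-placeholder"


if __name__ == "__main__":
    url, body = build_token_request("tenant-placeholder", "caller-client-id",
                                    "secret-placeholder", "api://proxy-app-id")
    print(url, body["scope"])
    # Constructed token that was minted for the caller itself instead of the proxy app:
    wrong = make_unsigned_jwt({"aud": "caller-client-id", "exp": 2000000000})
    for reason in diagnose_access_token(wrong, "api://proxy-app-id", "Api.Read"):
        print("reject:", reason)
```

The `aud` check is the usual culprit when a `.default` scope is built from the caller's own client id: the token is valid, but it was issued for the wrong application, so the App Proxy rejects it. Running the diagnosis against the real token (paste its value into `diagnose_access_token`) shows which claim is off before touching the Azure configuration.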