azure msal-brower with nextJs: passing only one scope to the API
I've got a SPA calling an API. The user authenticates using Azure AD and I'm exposing the API with a custom scope (access).
I report below the responses based on different scopes:
- scopes = ['access'] => Authorised. Scope in the passed token is: "access"
- scopes = ['user.read'] => Not authorised. Scope in the passed token is: "openid profile User.Read email"
- scopes = ['access', 'user.read'] => Authorised. Scope in the passed token is: "access"
- scopes = ['user.read', 'access'] => Not authorised. Scope in the passed token is: "openid profile User.Read email"
- scopes = ['profile', 'email', 'openid', 'access'] => Authorised. Scope in the passed token is: "access"
I don't think it's normal behaviour because I couldn't find any reference around it. What if I need, in the API, the info coming from the User.Read as well?
Dep version: "@azure/msal-browser": "^2.26.0"
I tried to reproduce the same in my environment and got the same results.
When I passed ['access', 'user.read'] ,I got token for only access scope like below:
Please check the aud (audience) claim of the token you are generating.
- If you are giving
accessas your scope, youraudwill be api://your_app_id. - If you are giving
user.readas your scope, youraudwill be 00000003-0000-0000-c000-000000000000 that means graph.microsoft.com.
If you are giving 2 different scopes like ['access', 'user.read'], it will only consider first scope and generate token for that specific audience like below:
As mentioned by Juunas in this SO Thread, access token is valid for one API only based on the audience.
If you want the info coming from the User.Read, you need to generate two tokens, one for your API scope (access) and another for Graph API scope (user.read).
For more in detail, please refer below link:
azure - Passing multiple scope values to Oauth token endpoint - by Hari Krishna
- How can I customize the color of a Checkbox in Material UI?
- Why do I get error "CSRF token mismatch". React 18 SPA with Laravel 10 API
- What are these three dots in React doing?
- npm run build is failing due to typescript or lodash uncompatibility
- Is it possible to return empty in react render function?
- Get color code from MUI palette color name
- React: ".map is not a function"
- Not able to upload a file on button click in react with mui
- react native header button doesn't work as expected
- How does Snapshot of a UI in React works?
- React Native FlatList with position absolute behind Components
- how to return values from a Laravel Sever to React with inertiajs?
- Next.js Redirect from / to another page
- Cant get coderef.current in my main index.js file and it is bringing an error
- React-Bootstrap dropdown on hover
- How to get Input field type as props in react typescript
- Next.js Application error: a client-side exception has occurred (see the browser console for more information)
- Blocked by CORS policy despite domain name present in server side file
- React hooks: call component as function vs render as element
- Using SSL with Local React Development on Windows
- How to add a className to an element inside a variable in react?
- What's the best way to set localStorage in React?
- How to combine the data of two state into third state in Next js
- Typescript error TS2307: Cannot find module 'react' when trying to import without using node.js?
- Redux reducer remove item from nested object state
- How do I change the background color of the body?
- How do I map() all images in a folder? | React.js and Vite
- Hosting Nextjs on hostinger
- React eslint error missing in props validation
- How to display an Error message when logging in fails in Reactjs