I created a new app registration and set scopes for Application.Read.All and User.Read.All. I exposed one custom scope as access_as_user. Using the v2 token endpoint is still giving v1 tokens; that is the main issue now.
v1 token endpoint: https://login.microsoftonline.com/tenantid/oauth2/token
v2 token endpoint: https://login.microsoftonline.com/tenantid/oauth2/v2.0/token
Both endpoints are giving tokens with the same version, i.e. version 1.0. Why so? If I register a multitenant application, then it gives tokens with version 2.0 from both endpoints.
My requirement is to get v2.0 tokens for single-tenant applications. Is there any way to achieve this?
I tried to reproduce the same in my environment and got the results below:
I registered a single-tenant application and granted API permissions as below:
When I checked the Manifest of this application, the accepted token version was null, as below:
I generated the token for the custom scope using the v2.0 token endpoint via Postman, like below:
POST https://login.microsoftonline.com/<tenantID>/oauth2/v2.0/token
grant_type:client_credentials
client_id:<appID>
client_secret:<secret>
scope:api://xxxxxxxxxxxxxxxxxxx/.default
Response:
When I decoded the above token in jwt.ms, the token version was 1.0, as below:
To get a v2.0 token, you need to change your application's Manifest as below:
When I generated the token again and decoded it, I got token version 2.0, as below:
In your case, change the accessTokenAcceptedVersion to 2 in your Manifest file and generate the token again.
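The steps in the answer above, scripted end to end as an added example (this is not code from the question or the answer): build the same client-credentials request against the v2.0 endpoint, decode the returned JWT the way jwt.ms does (payload only, no signature check) to read the `ver` claim, and express the Manifest change as the Microsoft Graph `api.requestedAccessTokenVersion` property, which is what the portal's `accessTokenAcceptedVersion` field maps to. The tenant, client and App ID URI values are placeholders, the two sample tokens are constructed locally so the decoder can be run offline, and the network call only runs when the environment variables it names are set.

```python
"""Request a client-credentials token from the Azure AD v2.0 endpoint and check its `ver` claim."""
import base64
import json
import os
import urllib.parse
import urllib.request


def v2_token_endpoint(tenant_id: str) -> str:
    """The v2.0 token endpoint from the question, with the tenant ID filled in."""
    return f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"


def client_credentials_body(client_id: str, client_secret: str, app_id_uri: str) -> dict:
    """Same form body as the Postman request: client credentials against <App ID URI>/.default."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": f"{app_id_uri}/.default",
    }


def manifest_fix() -> dict:
    """PATCH body for Microsoft Graph /applications/{object-id}.

    Graph exposes the Manifest's accessTokenAcceptedVersion as api.requestedAccessTokenVersion;
    setting it to 2 is the fix described in the answer.
    """
    return {"api": {"requestedAccessTokenVersion": 2}}


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT WITHOUT verifying the signature.

    This is enough to inspect `ver` and `aud` (what jwt.ms shows); it must never be
    used to decide whether to trust a token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def token_version(token: str) -> str:
    """Return the `ver` claim ("1.0" or "2.0") of an Azure AD access token."""
    return jwt_claims(token).get("ver", "")


def fetch_token(tenant_id: str, client_id: str, client_secret: str, app_id_uri: str) -> str:
    """POST the client-credentials request and return the raw access token (network call)."""
    data = urllib.parse.urlencode(client_credentials_body(client_id, client_secret, app_id_uri)).encode()
    req = urllib.request.Request(v2_token_endpoint(tenant_id), data=data, method="POST")
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)["access_token"]


def _fake_jwt(claims: dict) -> str:
    # Constructed sample token for offline demonstration only: unsigned ("alg": "none"),
    # empty signature segment, NOT a real Azure AD token.
    def enc(obj: dict) -> str:
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed samples mirroring what the answer saw before and after the Manifest change.
# In a v1.0 token `aud` is the App ID URI; in a v2.0 token it is normally the resource app's client ID.
SAMPLE_V1_TOKEN = _fake_jwt({"aud": "api://xxxxxxxxxxxxxxxxxxx", "ver": "1.0"})
SAMPLE_V2_TOKEN = _fake_jwt({"aud": "<appID>", "ver": "2.0"})


if __name__ == "__main__":
    print("offline sample before fix: ver =", token_version(SAMPLE_V1_TOKEN))
    print("offline sample after fix:  ver =", token_version(SAMPLE_V2_TOKEN))
    print("Graph PATCH body:", json.dumps(manifest_fix()))
    # Live check only when real values are supplied (placeholders: AAD_TENANT, AAD_CLIENT_ID,
    # AAD_CLIENT_SECRET, AAD_APP_ID_URI are assumed environment variable names).
    if all(os.environ.get(k) for k in ("AAD_TENANT", "AAD_CLIENT_ID", "AAD_CLIENT_SECRET", "AAD_APP_ID_URI")):
        live = fetch_token(os.environ["AAD_TENANT"], os.environ["AAD_CLIENT_ID"],
                           os.environ["AAD_CLIENT_SECRET"], os.environ["AAD_APP_ID_URI"])
        print("live token: ver =", token_version(live))
```

If the live check still prints `ver = 1.0` after the PATCH, confirm the Manifest of the *resource* application (the one exposing `api://.../access_as_user`) was changed, not the calling client's; the token version is decided by the resource whose scope is requested, which is why the endpoint version alone did not change it in the question.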