Comments (3)
There is no need for the scope to be part of the token cache key, because the token saved for that user will be the same but it will contain both scopes. Basically, by the point that the user requested an access token for "scope B", their token will be one containing "scope A" and "scope B".
Does it answer your question?
from active-directory-aspnetcore-webapp-openidconnect-v2.
Well, I expected that "scope B" would be part of the token, i.e., the scope should not be part of the cache key. The question was more along the lines of how it gets to be part of the token. Since we cannot simply edit a token issued by the AD, someone somewhere must request a new token from the AD containing the new scope.
I guess I just wanted to get confirmation, that adding scopes to tokens was indeed taken care of elsewhere (and probably in Microsoft.Identity.Client), and thus was not relevant for the cache key.
@HenningRoigaard Indeed, it's taken care of by Azure AD, called by MSAL.NET (which will use AcquireTokenSilent to request a token with a new scope). Note that if the new scope is for the same Web API, this will be completely silent. However, if the new scope is for an API where the user has not yet consented, Microsoft.Identity.Web will cause a challenge which will trigger ASP.NET Core to prompt the user for consent. When that's done, the call will happen again and it will be silent. This is encapsulated by TokenAcquisition.GetAccessTokenOnBehalfOfUser.
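The flow described in this thread, as a simplified Python model added here (it is not part of the thread and is not MSAL.NET or Microsoft.Identity.Web code): the cache is keyed by user only, scopes live inside the cached token, and a missing consent surfaces as a challenge before the silent retry. `FakeAuthority`, `UserTokenCache`, `ConsentRequired` and the `api/scope` naming are hypothetical, and consent is tracked per API as the last comment describes.

```python
# Simplified model of the thread's explanation; all names are hypothetical.
class ConsentRequired(Exception):
    """Stands in for the challenge that prompts the user for consent."""

class FakeAuthority:
    """Constructed stand-in for the token issuer; consent is per (user, API)."""
    def __init__(self):
        self.consented = set()   # {(user, api)}
        self.granted = {}        # {(user, api): set of scopes issued so far}
        self.calls = 0           # number of token requests received

    def consent(self, user, api):
        self.consented.add((user, api))

    def issue(self, user, api, scope):
        self.calls += 1
        if (user, api) not in self.consented:
            raise ConsentRequired(api)
        scopes = self.granted.setdefault((user, api), set())
        scopes.add(scope)
        # The new token carries every scope granted for this API so far.
        return {"api": api, "scopes": frozenset(scopes)}

class UserTokenCache:
    """Cache keyed by user only; the scope is never part of the key."""
    def __init__(self, authority):
        self.authority = authority
        self.by_user = {}        # {user: {api: token}}

    def acquire_silent(self, user, scope):
        api = scope.split("/")[0]            # constructed "api/scope" naming
        token = self.by_user.get(user, {}).get(api)
        if token and scope in token["scopes"]:
            return token                     # cache hit, no network call
        token = self.authority.issue(user, api, scope)   # may raise
        self.by_user.setdefault(user, {})[api] = token   # replaces old token
        return token

def demo():
    ad = FakeAuthority()
    cache = UserTokenCache(ad)
    ad.consent("alice", "apiA")
    cache.acquire_silent("alice", "apiA/read")        # scope A
    t = cache.acquire_silent("alice", "apiA/write")   # scope B, same API
    try:
        cache.acquire_silent("alice", "apiB/read")    # API without consent
        challenged = False
    except ConsentRequired:
        challenged = True
    ad.consent("alice", "apiB")                       # user accepts the prompt
    cache.acquire_silent("alice", "apiB/read")        # retry is silent
    return sorted(t["scopes"]), challenged, list(cache.by_user), ad.calls
```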