locked
Web-API accepts ID tokens aquired through SSO for Authorizion, expected to require access tokens RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-241862991 posted

    I have a Microsoft Teams Tab that uses SSO to access a Web-API. [Authorize] is configured as

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    options.Audience = Configuration["{api//endpointSetInAzure}"];           

                    options.Authority = "https://sts.windows.net/{tenant}/";
                });

    Access is granted by sending the ID token sent by the getAuthToken() method from the Teams SDK. However, according to the docs an access token should be used.

    Can I aquire an access token with the ID token I received and if so, what changes do I have to make to the authorization configuration to accept this access token? (note that I do not require MS Graph permissions beyond those already included in SSO).

    Monday, November 9, 2020 9:43 AM

Answers

  • Question
    Sign in to vote
    0
    Sign in to vote
    User-241862991 posted

    Despite confusing docs and the missing nonce, the Token is in act an access token. See here.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, January 25, 2021 12:16 PM