Web-API accepts ID tokens acquired through SSO for Authorization, expected to require access tokens

  • Question

  • User-241862991 posted

    I have a Microsoft Teams Tab that uses SSO to access a Web-API. [Authorize] is configured as

    services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Audience = Configuration["{api//endpointSetInAzure}"];
            options.Authority = "https://sts.windows.net/{tenant}/";
        });

    Access is granted by sending the ID token sent by the getAuthToken() method from the Teams SDK. However, according to the docs an access token should be used.

    Can I acquire an access token with the ID token I received and if so, what changes do I have to make to the authorization configuration to accept this access token? (note that I do not require MS Graph permissions beyond those already included in SSO).

    Monday, November 9, 2020 9:43 AM

Answers

  • User-241862991 posted

    Despite confusing docs and the missing nonce, the Token is in fact an access token. See here.

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Monday, January 25, 2021 12:16 PM
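
Added example (not part of the original thread and not the poster's code): a diagnostic sketch for checking what kind of token getAuthToken() returned by reading its claims. It assumes Azure AD conventions (delegated access tokens carry an `scp` claim, ID tokens do not), and the sample tokens, audience values and the `access_as_user` scope are constructed for illustration. It does not verify the signature; that remains the job of the JwtBearer middleware.

```javascript
// Decode the payload of a compact JWT. Diagnostic only: no signature check.
function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS (expected 3 parts)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Summarise the claims that distinguish an access token for this API
// from an ID token. Heuristic (assumption): a delegated Azure AD access
// token has a space-separated `scp` claim; an ID token has none.
function describeToken(token, expectedAudience) {
  const claims = decodeJwtPayload(token);
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  return {
    audienceMatches: claims.aud === expectedAudience,
    scopes,
    hasNonce: "nonce" in claims,
    kind: scopes.length > 0 ? "access_token" : "id_token_or_unknown",
  };
}

// Build an unsigned sample token from constructed claims (test data only).
function makeSample(claims) {
  const enc = (obj) =>
    Buffer.from(JSON.stringify(obj)).toString("base64")
      .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-sig`;
}

// Constructed values: placeholders, not taken from the thread.
const API_AUDIENCE = "api://example.invalid/00000000-0000-0000-0000-000000000000";
const SSO_LIKE_TOKEN = makeSample({
  aud: API_AUDIENCE,
  iss: "https://sts.windows.net/{tenant}/",
  scp: "access_as_user", // no nonce, as the answer above observes
});
const ID_LIKE_TOKEN = makeSample({
  aud: "00000000-0000-0000-0000-000000000000", // client id as audience
  iss: "https://sts.windows.net/{tenant}/",
  nonce: "constructed-nonce",
});

console.log(describeToken(SSO_LIKE_TOKEN, API_AUDIENCE));
console.log(describeToken(ID_LIKE_TOKEN, API_AUDIENCE));
```

If the `scp` claim is present, the API can additionally require the expected scope value on top of the audience and issuer checks that JwtBearer already performs.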