I have a JWT coming from Azure after authenticating myself via login.microsoftonline.com, that has the
iss value of
https://sts.windows.net/... (after doing some research, it seems this is due to the
"ver": 1.0 of the JWT). In order to get a JWT issued by
https://login.microsoftonline.com/... I have updated the app’s Manifest, so that the
accessTokenAcceptedVersion is set to
2, and not
null as per default anymore.
I waited more than 5 hours, but I still get the wrong version of the token, I keep getting the JWT with
"ver": 1.0 and
"iss": "https://sts.windows.net/...". Is there any step that I am missing?
scope of the AuthConfig has the value
openid and I’m currently using Implicit Flow (will change to auth code flow soon, but only after the JWT version issue is fixed..)
Thanks in advance!
The version of the access token has nothing to do with the endpoint you use to request the token, but is related to the resource you requested. The default version of ms graph api is the token of version
1.0. If you want to obtain the
2.0 version of the token, you should request your custom api.
First, you need to create an application that represents the api, and then expose the api protected by Azure.
Next,under ‘API permissions’, give your front-end application access to your backend api:
- Under ‘API permissions’ click on ‘Add permission’, then click on the ‘My APIs’ tab.
- Find your backend application and select the appropriate scope.
- Click ‘Add permissions’.
- Grant admin consent for your APIs.
Next, you need to use the auth code flow to obtain an access token,which requires you to log in to the user and obtain the authorization code, and then use the authorization code to redeem the access token.
Parse the access token, it will show v2.
Answered By – Carl Zhao
Answer Checked By – Jay B. (AngularFixing Admin)