This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(80, 83%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
I have added my angular application into azureAD and trying to get access_token and passing that token to webapi but getting unauthorized error. I have tried multiple ways. I am just accessing basic weatherforecast controller with authorize attribute
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(options =>
{
options.Authority = "https://login.microsoftonline.com/{tenant-id}";
options.Audience = "api://{client-id}";
});
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(options =>
{
builder.Configuration.Bind("AzureAd", options);
options.Events = new JwtBearerEvents();
}, options => { builder.Configuration.Bind("AzureAd", options); });
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @srinivas kolagani ,
Thanks for reaching out.
Did you tried to decode the token you are getting using jwt.ms ? The value of audience in the token would be client id of the API only. In ASP.net , the minimal configuration you need to validate the token is:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddJwtBearer(o =>
{
o.Authority = "https://login.microsoftonline.com/your-tenant-id";
o.Audience = "your-app-client-id";
});
app.UseAuthentication();
app.UseAuthorization();
Thanks,
Shweta
I have seen my access_token where scopes don't have the api scope and how to add scopes in access token
Can I set that scopes in azure portal or how to configure that ??
auth: {
clientId: 'eb385b15-c0b2-4753-a437-679588e9814b',
redirectUri: 'http://localhost:4200',
authority: environment.authority,
postLogoutRedirectUri: environment.redirectUrl,
}, angular code
To acquires an access token with the corresponding scopes of API, scope need to configure as :
export const protectedResources = {
todoListApi: {
endpoint: "http://localhost:5000/api/todolist",
scopes: ["https://your-tenant-name.onmicrosoft.com/api/tasks.read"],
},
Hope this will help.
Thanks,
Shweta
Hi @srinivas kolagani ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta
Hi @srinivas kolagani ,
Just checking in to see if the below answer helped. If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta
Hi swetha,
Tp access the the token in web api we need audience claim which will be apiscope so how to add that in scopes
var loginRequest = { scopes: ['api://c97979df-eff5-4d85-b4f5/demoapi.scope','openid'] // optional Array<string> }; this.authService.loginPopup(loginRequest);
if I do my login like this I am able to access api but how to correct this and add as configuration and get the audience and aceess that
sorrry for delay in response
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
In ad, under the application add api permissions
Be sure to include the scope defined with the permissions defined above in the angular msal login.
I have tried doing that still not working getting same unauthorized error i want to know did I made any mistake in the adding services
I use react and msal-react, but the server config is just:
services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddMicrosoftIdentityWebApi(o =>
{
config.Bind("AzureAd", o);
o.TokenValidationParameters.NameClaimType = ClaimTypes.Name;
o.Events = new JwtBearerEvents
{
};
}, o =>
{
config.Bind("AzureAd", o);
});