Unable to get an access token from an app registration from a web app with JS

Charlie Chen 96 Reputation points
2021-05-14T20:05:26.507+00:00

Hi there,

I have a Power Automate HTTP endpoint secured by an API Management service, which implements a JWT validate policy against one of my app registrations.

What I can do is:

  1. Run Azure CLI "az login" and "az account get-access-token --resource api://67568467-a9c0-4249-8854-******************3".
  2. Send a request to the API Management service from Postman with the above token and get the response from Power Automate.

What I need to do is:

  1. The user logs in to a web app secured by the app registration with their company account.
  2. The web app silently acquires an access token from the same app registration for the logged-in user and uses it in the request to API Management. However, I can't do it with MSAL.js.

I can't find any documentation to help me achieve the programming route.

Azure API Management
An Azure service that provides a hybrid, multi-cloud management platform for APIs.
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Charlie Chen 96 Reputation points
    2021-05-19T00:59:18.123+00:00

    @Pramod Valavala Thanks for replying. To be honest, it's quite confusing reading the docs for MSAL. I tried using the code below, but no luck, with the error message: Uncaught (in promise) ClientAuthError: User login is required.

    function getStsToken() {
        let config = {
            auth: {
                clientId: "67568467-a9c0-4249-8854-2***********3",
                authority: "https://login.microsoftonline.com/4************-a9d7-433d-ab8f-cbc6d3a41ee4/"
            },
            cache: {
                cacheLocation: "sessionStorage"
            }
        };

        let graphConfig = {
            graphEndPoint: "https://graph.microsoft.com/v1.0/me"
        };

        let requestPermissionScope = {
            scopes: ["api://67568467-a9c0-4249-8854-2**************3/***********_APIM"]
        };

        const myMSALObj = new Msal.UserAgentApplication(config);

        myMSALObj.acquireTokenSilent(requestPermissionScope).then(function(result) {
            if (result != undefined) {
                var headers = new Headers();
                var bearer = "Bearer " + result.accessToken;
                headers.append("Authorization", bearer);
                var options = {
                    method: "GET",
                    headers: headers
                };

                fetch(graphConfig.graphEndPoint, options)
                    .then(function(response) {
                        // do something with response
                        if (response.status == 200) {
                            var data = response.json();
                            data.then(function(userinfo) {
                                var printResponse = JSON.stringify(userinfo);
                                // Print the JSON string
                                console.log(printResponse);
                            });
                        }
                    });
            }
        }).catch(
            e => { console.log(e) }
        );
    }


1 additional answer

  1. Pramod Valavala 20,516 Reputation points Microsoft Employee
    2021-05-17T09:40:31.38+00:00

    You will have to use the acquireTokenSilent with the appropriate scopes (for example api://67568467-a9c0-4249-8854-**3/read) to fetch the token for the API.

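An added example, not part of either post: one way to order the MSAL.js 1.x calls so the silent request has a signed-in account to work with, since `acquireTokenSilent` rejects with "User login is required" when no account is cached. `getApiToken`, `callApim`, `API_SCOPE` and `APIM_URL` are hypothetical names and placeholders; the MSAL object and `fetch` are passed in so the flow can be exercised with stubs.

```javascript
// Added example (not from the thread). Uses the MSAL.js 1.x
// UserAgentApplication methods getAccount, loginPopup, acquireTokenSilent
// and acquireTokenPopup. API_SCOPE and APIM_URL are placeholders (assumptions).
const API_SCOPE = "api://<app-id>/<scope-name>";
const APIM_URL = "https://<apim-instance>.azure-api.net/<api-path>";

// MSAL 1.x error codes meaning the silent (hidden iframe) flow cannot finish.
const NEEDS_INTERACTION = ["consent_required", "interaction_required", "login_required"];

async function getApiToken(msalApp, scope) {
  const request = { scopes: [scope] };
  // No cached account means acquireTokenSilent would reject with
  // "User login is required", so sign the user in first.
  if (!msalApp.getAccount()) {
    await msalApp.loginPopup(request);
  }
  try {
    return (await msalApp.acquireTokenSilent(request)).accessToken;
  } catch (err) {
    // Fall back to a popup only for errors that interaction can resolve;
    // anything else (network, configuration) is surfaced to the caller.
    if (!NEEDS_INTERACTION.includes(err.errorCode)) throw err;
    return (await msalApp.acquireTokenPopup(request)).accessToken;
  }
}

async function callApim(msalApp, fetchImpl, url = APIM_URL, scope = API_SCOPE) {
  const token = await getApiToken(msalApp, scope);
  // The token was requested for the API's own scope, so send it only to the
  // API Management endpoint whose JWT policy validates that app registration.
  const response = await fetchImpl(url, {
    method: "GET",
    headers: { Authorization: "Bearer " + token },
  });
  if (!response.ok) throw new Error("API Management returned " + response.status);
  return response.json();
}

// Browser usage (assumption: msal 1.x loaded as the global Msal):
//   callApim(new Msal.UserAgentApplication(config), window.fetch.bind(window))
```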