3,299 questions
The issue was that admin disabled the Include ID Token in OAuth token option for the app that was being used for authentication.
"id_token" is not present in Oauth2 token received from Microsoft login, even though "openid" scope was requested and granted
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(262.40000000000003, 63%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
ashutosh
5
Reputation points
I am using Microsoft as an Identity provider in my application. The problem is that sometimes I am not receiving "id_token" in Oauth2 token response even though I am requesting "openid" scope (scopes requested: openid profile email) everytime.
I am using the common authorization and token endpoints: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Microsoft Security | Microsoft Entra | Microsoft Entra External ID
Microsoft Security | Microsoft Identity Manager
903 questions
{count} votes
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator2023-07-01T05:35:24.02+00:00 Hell @ashutosh , please Collect a network trace in the browser during one of the buggy authorization attemps and send us the exported HAR file to azcommunity@microsoft.com with Subject Attn: Alfredo Revilla.
-
ashutosh 5 Reputation points
2023-07-01T09:45:43.31+00:00 Hi @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA , my bad, it seems that by mistake some admin disabled the Include ID Token in OAuth token option on client side for the app that was being used for authentication. The confusion arose because it was working fine and then suddenly we stopped receiving the ID Token. We have asked the admin team to get that fixed and are waiting for their update. I'll update with more details if the issue persists even after that fix, else will updated accordingly as resolved.
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
2023-08-01T22:57:53.5733333+00:00 Hello @ashutosh , were you able to fix your issue?
-
ashutosh 5 Reputation points
2023-08-02T04:20:28.2933333+00:00 Oh, my bad, I missed to update. Though we are still waiting for a response from client, I think the issue is same that admin disabled the Include ID Token in OAuth token option. We can mark this as resolved for now. If we face any problem we'll ask again.
-
ashutosh 5 Reputation points
2023-08-15T09:16:43.0166667+00:00 Hi @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA , I thought that enabling the Include ID Token in OAuth token option in the MS app has fixed the issue, but it didn't do that exactly. I have tested against two users created under same organisation in which the MS app is created. When I use MS as Identity Provider with that application, I receive Identity token in the OAuth2 token for one of the users but not for the other user. Two factor authentication is enabled for the organisation. Any idea what I should be looking at to fix this issue. Thanks in Advance.
-
ashutosh 5 Reputation points
2023-08-15T13:15:05.0433333+00:00 @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA I have shared the HAR file with you over email at azcommunity@microsoft.com with Subject Attn: Alfredo Revilla.
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
2023-08-16T05:40:54.3866667+00:00 Thanks for that. But, has the issue been solved or does it keep going on?
-
ashutosh 5 Reputation points
2023-08-16T05:46:04.41+00:00 The issue still exists. For only one user it is working fine and for all the other users we are facing this issue.
-
ashutosh 5 Reputation points
2023-08-16T05:48:00.0933333+00:00 The issue still exists. It's working fine for only one user and for all the other users we are facing this issue.
-
Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,526 Reputation points Moderator
2023-08-16T05:50:59.5366667+00:00 Ok. In order to start anew and avoid confussion (due to the initial findings) to others facing a similar issue please create a new thread and mention me.
-
ashutosh 5 Reputation points
2023-08-16T05:53:23.5066667+00:00 Sure, will do that.
Sign in to comment