How can I pass an access token generated using AD multi-factor authentication to authenticate to a web API?

Sharayu Mundhe 1 Reputation point
2021-04-30T06:23:45.817+00:00

Hi,

I am using AD multi-factor authentication to log in to a mobile app. After a successful login I get an access token. But when I pass this access token to the web API, it gives an unauthorized error. How can I pass an MFA-generated token to the web API, and is it possible or not?

On the Android platform I am using the following method for MFA:

var authResult = await authContext.AcquireTokenAsync(resource, clientId, uri, platformParams);


1 answer

  1. AmanpreetSingh-MSFT 56,226 Reputation points
    2021-05-25T09:10:11.187+00:00

    Hi @Sharayu Mundhe · Thank you for reaching out.

    Having Azure AD MFA enabled or disabled doesn't make any difference in how you pass the Access Token to a Web API. You need to make sure that the token that you get after successful authentication contains required permissions in the scp (scope) claim. I am suspecting that your Web API requires certain scopes to be present in the token, in order to authorize the user(s).

    For this purpose, you need to navigate to:

    Azure AD > App Registrations > Select your app > API permissions > select your API from Microsoft APIs/APIs my organization uses/My APIs > Add appropriate scope > Grant admin consent.

    Once you successfully acquire a token, decode the token at https://jwt.ms to verify if it includes required scope(s).

    Additional ref:

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
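An offline version of the scope check described in the answer above, as an added example that is not part of the original thread: it decodes the token payload and reports which required scopes are missing from `scp`. The scope names, audience and sample token are constructed, and the signature is not verified here, so this is for inspection only and not a substitute for the API's own token validation.

```python
import base64
import json


def decode_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying its signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("payload is not base64url-encoded JSON") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def missing_scopes(token: str, required: set) -> set:
    """Scopes in `required` that are absent from the token's scp claim."""
    scp = decode_claims(token).get("scp", "")
    # scp is a single space-separated string of delegated permissions
    granted = set(scp.split()) if isinstance(scp, str) else set()
    return set(required) - granted


def _b64url(obj: dict) -> str:
    """Helper used only to build the constructed sample token below."""
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample token: made-up audience and scopes, placeholder signature.
SAMPLE_TOKEN = ".".join([
    _b64url({"alg": "RS256", "typ": "JWT"}),
    _b64url({"aud": "api://example-api", "scp": "Orders.Read user_impersonation"}),
    "constructed-signature",
])

if __name__ == "__main__":
    need = {"Orders.Read", "Orders.Write"}  # hypothetical scopes the API requires
    print("missing:", sorted(missing_scopes(SAMPLE_TOKEN, need)))
```

A non-empty result means the token lacks a permission the API expects, which is the situation the answer suspects behind the unauthorized error.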