scp claim missing from code flow token, but works in postman

Kelso Sharp 1 Reputation point
2021-07-20T00:20:43.6+00:00

I am creating 2 applications. The client is a Blazor Server application; I have the app registration authenticating with Azure AD, and I get back a token, but it does not contain any scopes. It does have the app roles configured in the app registration, though. However, I have configured Postman correctly, and I can get a full bearer token using OAuth2 that has the scopes. I have tried everything I can think of to get the scp claim, but I do not know what I am missing.

In the client I am just using the app registration, with signin-oidc as the callback.
Claims in the client application:
(screenshot: 116101-client-claims.png)

Startup.cs for the client:

```csharp
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(new string[] { Configuration["AzureAd:Scopes"] })
    .AddInMemoryTokenCaches();
```

Scopes element in appsettings:

```json
"Scopes": "api://{Identifier}/Recruiter.Read api://{Identifier}/Test.Read"
```

API Startup.cs:

```csharp
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
services.AddMicrosoftIdentityWebApiAuthentication(Configuration);
services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    options.TokenValidationParameters.RoleClaimType = "roles";
    options.TokenValidationParameters.NameClaimType = "name";
});
```

In Postman I am making a call to: https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/authorize
The token return URL is: https://login.microsoftonline.com/{TenantID}/oauth2/v2.0/token
Claims in Postman:
(screenshot: 116023-postman-claims.png)

I could really use some help, I have tried everything I can think of except the right way... clearly.
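An added diagnostic example, not code from the question: in Azure AD v2 tokens, delegated permissions (scopes) are carried in the space-separated `scp` claim and app roles in the `roles` array, and the `aud` claim says which application the token was issued for. This script decodes a token's payload and reports `aud`, `scp` and `roles`, so the token actually being inspected can be compared against the scopes the API expects; the sample payloads and tokens below are constructed and unsigned, so the code is for inspection only and never verifies a signature.

```python
import base64
import json

# Constructed sample payloads (placeholder ids, not real tokens).
# One resembles a token issued to the client app (roles, no scp),
# the other a token issued for the API's own identifier (scp present).
CLIENT_TOKEN_PAYLOAD = {
    "aud": "{ClientAppId}",
    "iss": "https://login.microsoftonline.com/{TenantID}/v2.0",
    "name": "Example User",
    "roles": ["Recruiter.Admin"],
}
API_TOKEN_PAYLOAD = {
    "aud": "api://{Identifier}",
    "iss": "https://login.microsoftonline.com/{TenantID}/v2.0",
    "scp": "Recruiter.Read Test.Read",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_jwt(payload: dict) -> str:
    """Build header.payload. with an empty signature, for local decoding only."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(payload).encode())}."


def decode_payload(token: str) -> dict:
    """Decode the payload segment WITHOUT verifying the signature.
    Diagnostic only: never authorize on claims read this way."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected three dot-separated segments)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def summarize_claims(token: str) -> dict:
    """Report the claims that decide whether an API will accept the token."""
    claims = decode_payload(token)
    scp = claims.get("scp", "")  # Azure AD v2: space-separated string
    return {
        "aud": claims.get("aud"),
        "scopes": scp.split() if scp else [],
        "roles": list(claims.get("roles", [])),
        "has_scp": "scp" in claims,
    }


def missing_scopes(token: str, required: set) -> set:
    """Scopes the API requires that this token does not carry."""
    return set(required) - set(summarize_claims(token)["scopes"])
```

Running `summarize_claims` on the token the client actually sends to the API, and checking its `aud` against the API's `api://{Identifier}`, shows at a glance whether it is the token issued for the API or one issued for the client app.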
