How to get Access Token Version 2.0

Question

How to get Access Token Version 2.0

Shweta Mathur 30,431 Microsoft Employee Moderator

Hi, I'm not able to get v2.0 access token. It always return v1.0 access token.
As per document https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#accesstokenacceptedversion-attribute . This depends on the value of "accessTokenAcceptedVersion" parameter in the Manifest of the API.

I updated the value in manifest to 2 as below and use endpoint https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token

"accessTokenAcceptedVersion": 2,  
"addIns": [],  
"allowPublicClient": null,  
"appId": "49f9xxxx-xxx-xxx-xx-xxxfd5",

but I am still getting version 1.0 in access token as below:

"appid": "49f9xxxx-xxx-xxx-xx-xxxfd5",
"ver": "1.0",

Could you please help what I am missing here or is there any other value I need to set in manifest to get V2.0.

Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator

2021-11-25T17:46:14.253+00:00

hi @sikumars-msft Thanks for your response.

I am using client credential flow to get the access token and I am not able to pass customized scope in that flow as client credentials flow must have scope value with ./default.
Also, I am not able to relate how passing custom scope in parameter will help to give version 2.0 in access token .

Please share any reference doc if you have related to this.

Thanks,
Shweta
Siva-kumar-selvaraj 15,731 Reputation points Volunteer Moderator

2021-11-26T19:37:43.167+00:00

@Shweta Mathur , are you requesting a token for your own web API or Microsoft web-hosted resources such as Microsoft Graph? Could you please share complete scope that you used in access token request?
Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator

2021-11-29T00:47:49.417+00:00

Hi @sikumars-msft I am requesting token to call Microsoft graph API endpoints. Please find the application and delegated permissions my applications has
Techies FAQ 21 Reputation points

2021-11-29T07:10:34.877+00:00

Thanks for the update @Shweta Mathur ,

As previously stated, Microsoft web-hosted resources such as Microsoft Graph: https://graph.microsoft.com do not yet support V2.0 version tokens because "accessTokenAcceptedVersion" = 2 must be set on the resource app which is Graph and not on the client app.

So we can't set it to 2 because we don't have access to the Graph App manifest. As a result, it currently supports Access Token V1.

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator

2021-11-29T11:40:43.303+00:00

TechiesFAQ-0382 Thanks for further clarification.
Nirmal Manoharan 0 Reputation points

2024-02-09T22:49:00.5166667+00:00

Is this still not supported - graph.microsoft.com not having an option to return JWT token V2?

Answer accepted by question author

1 additional answer

Your answer

Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator

2021-11-25T17:46:14.253+00:00

hi @sikumars-msft Thanks for your response.

I am using client credential flow to get the access token and I am not able to pass customized scope in that flow as client credentials flow must have scope value with ./default.
Also, I am not able to relate how passing custom scope in parameter will help to give version 2.0 in access token .

Please share any reference doc if you have related to this.

Thanks,
Shweta
Siva-kumar-selvaraj 15,731 Reputation points Volunteer Moderator

2021-11-26T19:37:43.167+00:00

@Shweta Mathur , are you requesting a token for your own web API or Microsoft web-hosted resources such as Microsoft Graph? Could you please share complete scope that you used in access token request?
Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator

2021-11-29T00:47:49.417+00:00

Hi @sikumars-msft I am requesting token to call Microsoft graph API endpoints. Please find the application and delegated permissions my applications has
Techies FAQ 21 Reputation points

2021-11-29T07:10:34.877+00:00

Thanks for the update @Shweta Mathur ,

As previously stated, Microsoft web-hosted resources such as Microsoft Graph: https://graph.microsoft.com do not yet support V2.0 version tokens because "accessTokenAcceptedVersion" = 2 must be set on the resource app which is Graph and not on the client app.

So we can't set it to 2 because we don't have access to the Graph App manifest. As a result, it currently supports Access Token V1.

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
Shweta Mathur 30,431 Reputation points Microsoft Employee Moderator

2021-11-29T11:40:43.303+00:00

TechiesFAQ-0382 Thanks for further clarification.
Nirmal Manoharan 0 Reputation points

2024-02-09T22:49:00.5166667+00:00

Is this still not supported - graph.microsoft.com not having an option to return JWT token V2?

Answer 1

Hello @Shweta Mathur ,

Thanks for reaching out.

You have to make sure the accessTokenAcceptedVersion is set to 2 for the resource app (Web API) for which you are requesting the access token, and you need specify your resource app (Web API) as audience in the scope parameter while requesting token (For an example: scope=https://contosoApp.com/tasks.read ) as shown below, but if you use Microsoft web-hosted resources in the scope parameter such as Microsoft Graph: https://graph.microsoft.com / Microsoft SharePoint: https://microsoft.sharepoint-df.com etc.., then V2.0 version token doesn't support yet.

Outcome from my tenant Tenant:

An access token request call and decoded V2.0 version token

Hope this helps.

------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

Answer 2

Desmond Sindatry 91

How to update "accessTokenAcceptedVersion": 2 programatically using azure ad ?

Share via

How to get Access Token Version 2.0

1 additional answer

Your answer