I'm attempting to build an SSO prototype using an Azure Function web API and a React-based SPA connected to Azure AD. The goal is to use "Easy Auth" (aka Azure Function integrated authentication) for my authentication on the Azure Function (https://learn.microsoft.com/en-us/azure/app-service/overview-authentication-authorization) with Microsoft Identity Platform as my provider.
First off, I created a React SPA using the following tutorial: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-react
This seemed to authenticate just fine and I was able to consume the sample Graph API call.
However, once I attempted to then add the Azure Function to the mix, I ran into a problem. I used the POST call for "Client-directed sign-in" (https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-customize-sign-in-out#client-directed-sign-in) to submit my access token, but it failed.
I created a new button in the page that calls the following function:
    export async function callExampleService(idToken, accessToken) {
        const headers = new Headers();
        headers.append("Content-Type", "application/json");
        const options = {
            method: 'POST',
            headers: headers,
            body: JSON.stringify({ access_token: `${accessToken}` })
        };
        return fetch(exampleDataServiceConfig.exampleDataServiceBase.concat(exampleDataServiceConfig.postAuth), options)
            .then(response => response.json())
            .catch(error => console.log(error));
    }
Judging from the Fiddler response, it looks as though the call matched the expected POST:
POST https://
The issue was pretty simple after I narrowed it down.
The problem was that I was using the accessToken to authenticate instead of the idToken. The fact that the JSON property was called "access_token" was a misnomer.
Fixed it for me too - I was supplying the access token and not the id token.
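An added example, not code from the original posts: a client-side pre-flight check that decodes the token's claims and refuses to build the client-directed sign-in POST unless the `aud` claim matches the app's client ID, which catches the access-token/ID-token mix-up described in the answer above. The function names, the client ID, the base URL and the `/.auth/login/aad` path are assumptions, and the sample tokens are constructed.

```javascript
// Added example. Claims are decoded WITHOUT signature verification: this is a
// client-side sanity check only; Easy Auth still validates the token itself.
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(segment.length / 4) * 4, "=");
  return typeof atob === "function"
    ? atob(b64)
    : Buffer.from(b64, "base64").toString("binary");
}

function decodeClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  return JSON.parse(b64urlDecode(parts[1]));
}

// Builds the sign-in request, or throws if the token was not issued for this
// app (for example a Graph access token passed by mistake) or has expired.
function buildEasyAuthLogin(baseUrl, token, expectedClientId, nowSec = Date.now() / 1000) {
  const claims = decodeClaims(token);
  const audiences = [].concat(claims.aud ?? []);
  if (!audiences.includes(expectedClientId)) {
    throw new Error(`wrong audience: ${audiences.join(",") || "(none)"}`);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSec) {
    throw new Error("token expired or missing exp");
  }
  return {
    url: new URL("/.auth/login/aad", baseUrl).toString(), // assumed endpoint path
    options: {
      method: "POST",
      headers: { "Content-Type": "application/json" },
      // Property name stays "access_token"; the value is the ID token.
      body: JSON.stringify({ access_token: token }),
    },
  };
}

// Constructed sample data: placeholder client ID, fake signatures (Node.js only).
function fakeJwt(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
const CLIENT_ID = "11111111-2222-3333-4444-555555555555";
const SAMPLE_ID_TOKEN = fakeJwt({ aud: CLIENT_ID, exp: 4102444800 });
const SAMPLE_GRAPH_ACCESS_TOKEN = fakeJwt({ aud: "https://graph.microsoft.com", exp: 4102444800 });
```
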