This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 68%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPV%3C/text%3E%3C/svg%3E)
I am doing sign in for my application using Active Directory. I can get an access token for the application, however the access token is a Graph API access token which you can't validate and verify on own. Everything I am reading online says that the access token is nonce and requires special processing and doesn't need validating; calling a graph api call will have it go through validation and it's verified on call. It says I should be using and identity token to verify the user, but how do i get the identity token? It says in the documentation that it comes back with the accesss token, but I'm not seeing this in the request response. I'm using msal and doing result = app.acquire_token_by_username_password({username}, {password}, scopes=["User.ReadBasic.All"]). I get back the access token but I dont see any id token. I see alot documents saying to use the id token to verify the user however nothing that says how to get the id token.
Thanks In Advance,
Paul
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 20%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hi @Paul Viet Truong ,
Did you try the solution suggested below to add "openId" in scope to get the ID token. You can add openid along with existing scope as scopes="User.ReadBasic.All Openid".If this answers your query, please don’t forget to click "Accept the answer" and Up-Vote for the same, which might be beneficial to other community members reading this thread. And, if you have any further query do let us know.
Thanks,
Shweta
You need to include the "openid" scope in the token request in order to obtain an ID token.
Hey Michev -
Thanks for the help. It lead me down the right path.
Thanks again for the help. The errors i was getting before wasn't really clear, but once I cleared the main problem what you said and everything from that point started to make sense.