Azure-Samples / ms-identity-blazor-wasm


example of using api application set up in azure ad #5

Closed dkboon01 closed 3 years ago

dkboon01 commented 3 years ago

Is there an example of calling an API that is secured by Azure AD instead of Microsoft Graph? I'm sure my issue is how the scope is set up and where to put in options.ProviderOptions.DefaultAccessTokenScopes or options.ProviderOptions.AdditionalScopesToConsent.Add. My login is working - it is calling the API that does not work.


Shama-K commented 3 years ago

@dkboon01, we don't have a sample right now, here is how you can specify the scope for API:

```csharp
builder.Services.AddMsalAuthentication(options =>
{
    builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
    options.ProviderOptions.DefaultAccessTokenScopes.Add("Enter_Api_Scope");
});
```

dkboon01 commented 3 years ago

Thank you for responding. After a lot of searching, my problem is caused by trying to use 2 different scopes, one for Graph and one for API. So I've decided that I need the API more than Graph at the moment. It was recommended to me to create a token for GraphClient separately

using a method like this: (however, my user login is not able to be pushed into accounts - the user is an AuthenticatedUser from Azure but not a Microsoft.Identity.Client)

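```csharp
AuthenticationResult authResult = null;

// Look up accounts already cached by the MSAL client application.
var accounts = await ClientApp.GetAccountsAsync();
var firstAccount = accounts.FirstOrDefault();

try
{
    // Try to get a token from the cache without prompting the user.
    authResult = await ClientApp.AcquireTokenSilent(Scopes, firstAccount)
        .ExecuteAsync();
    // return true;
}
catch (MsalUiRequiredException ex)
{
    // ... (the posted snippet ends here)
}
```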


Shama-K commented 3 years ago

You can add additional scopes using AdditionalScopesToConsent to consent during the initial sign-in flow. A token can be requested using TokenProvider.RequestAccessToken.

You can follow the ASP.NET Core Blazor WebAssembly additional security scenarios document, which provides all the details.
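
The setup discussed in this thread, as an added example that is not part of the thread or of the sample repository: the API scope is the default token scope, Graph is only consented at sign-in and its token is requested separately, and the API token is attached only to requests for the API's own address. Assumptions: the `Microsoft.Extensions.Http` package is referenced, and the `ProtectedApi` client name, the API base address, the Graph `User.Read` scope and the `#app` root selector are placeholders.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Components.WebAssembly.Authentication;
using Microsoft.AspNetCore.Components.WebAssembly.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Program
{
    const string ApiScope = "Enter_Api_Scope";                          // placeholder from the thread
    const string GraphScope = "https://graph.microsoft.com/User.Read";  // assumed Graph scope
    const string ApiBaseAddress = "https://localhost:5001/";            // assumed API address

    public static async Task Main(string[] args)
    {
        var builder = WebAssemblyHostBuilder.CreateDefault(args);
        builder.RootComponents.Add<App>("#app"); // App: the project's root component

        builder.Services.AddMsalAuthentication(options =>
        {
            builder.Configuration.Bind("AzureAd", options.ProviderOptions.Authentication);
            // Default token is for the API only; an access token targets one resource,
            // so API and Graph scopes are not mixed in the same token request.
            options.ProviderOptions.DefaultAccessTokenScopes.Add(ApiScope);
            // Graph is consented at sign-in, but its token is requested separately.
            options.ProviderOptions.AdditionalScopesToConsent.Add(GraphScope);
        });

        // Attach the API token only to requests under ApiBaseAddress, so it is
        // never sent to any other host.
        builder.Services.AddHttpClient("ProtectedApi", c => c.BaseAddress = new Uri(ApiBaseAddress))
            .AddHttpMessageHandler(sp => sp.GetRequiredService<AuthorizationMessageHandler>()
                .ConfigureHandler(authorizedUrls: new[] { ApiBaseAddress }, scopes: new[] { ApiScope }));

        await builder.Build().RunAsync();
    }

    // Requests a Graph token on demand; returns null when no token could be
    // obtained without redirecting the user for interaction.
    public static async Task<string> GetGraphTokenAsync(IAccessTokenProvider provider)
    {
        var result = await provider.RequestAccessToken(
            new AccessTokenRequestOptions { Scopes = new[] { GraphScope } });
        return result.TryGetToken(out var token) ? token.Value : null;
    }
}
```

Components obtain the API client with `IHttpClientFactory.CreateClient("ProtectedApi")`; a request whose token cannot be acquired silently throws `AccessTokenNotAvailableException`, which exposes `Redirect()` to start the interactive flow.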

derisen commented 3 years ago

Closing this, let us know if you need further help.