Closed jeromechrist closed 3 years ago
@jeromechrist this is expected. What happens here is called dynamic consent i.e. the app presents you with a consent screen only when the permission is actually needed. The first permission screen is for scopes that are requested during sign-in: openid
, profile
and offline_access
(these are default OIDC scopes). The second screen is for the scope required for calling your web API (access_as_user
in the sample). You get this screen later in the app when you are actually trying to call the web API.
ah ok I get it.
all of this scope check dance is made my the MSAL library only on the client side ? Or with the combination of Identity.Web in the API ?
@jeromechrist that's right, this is carried out by MSAL Angular on the client side. Basically the user consents to the client app to access the web API on her behalf. The web API has no user interaction capability here, but if it was a user facing app, Identity.Web would have handled it (Identity.Web is a wrapper around MSAL .NET)
Thank you :)
Great samples by the way, I really like that you covered a lot of useful scenarios
Issue
This issue is for the sample
This issue is for a
Minimal steps to reproduce
Hello,
I went through the scenario 3-1 and i was wondering why do I have to consent 2 times ?
I had one popup after the Login
And one when I first clicked the TodoList button
I was expecting to get only one consent