AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available here https://learn.microsoft.com/entra/msal/python/ Stable APIs are documented here https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Expecting access token to be JWT v2 but got v1 #426

Closed raqsilva closed 2 years ago

raqsilva commented 2 years ago

Hello,

Background: msal version = "1.15.0" python version = "3.8.12"

Authority = "https://login.microsoftonline.com/{tenant_id}/v2.0"

I have changed my app manifest var "accessTokenAcceptedVersion": 2. My app is a confidential client application using default scopes and I'm getting my access token through acquire_token_by_auth_code_flow which gives me an access token v1 and id token v2.

How can I make sure I always get a v2 token?

Thanks, Raquel

hpsin commented 2 years ago

What are your "default scopes"? Remember, the resource (the app that owns the scopes) controls the token version.

raqsilva commented 2 years ago

Default scopes are 'email' 'openid' 'profile'.

I have just realised that in order to get a V2 access token I need to delete default scopes, expose API and create a new scope (ref https://authguidance.com/2017/12/01/azure-ad-spa-code-sample/).

rayluo commented 2 years ago

Thanks for @hpsin's hint, and glad to see @raqsilva figured it out. By the way, MSAL is currently a token acquisition library, so MSAL users do not normally need to care about the version of the obtained token. @raqsilva you were working on token validation? No wonder you created this topic. :-) We do not currently have an offering on token validation in Python. We will mark this issue as answered here, and we will reference it in future when we work on token validation.
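To make hpsin's point concrete (the resource, not the client, decides the token version) here is an added example that is not from the thread or from MSAL itself: requesting only `openid`/`profile`/`email` yields a token whose audience is another resource, while a scope exposed by the app's own API yields a token addressed to the app. `APP_CLIENT_ID` and the `access_as_user` scope name are placeholders, and the two tokens are constructed, unsigned samples; the helpers only inspect claims and perform no signature validation.

```python
import base64
import json

# Placeholder client id and an assumed scope name for an API the app exposes itself.
APP_CLIENT_ID = "00000000-0000-0000-0000-000000000000"
OWN_API_SCOPES = [f"api://{APP_CLIENT_ID}/access_as_user"]
DEFAULT_OIDC_SCOPES = ["openid", "profile", "email"]  # the thread's "default scopes"


def jwt_claims(token: str) -> dict:
    """Decode the payload of a compact JWT without verifying it (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_access_token(token: str) -> dict:
    """Report audience, version and scopes so a caller can see which resource the
    token was issued for. A token for another resource (e.g. Graph) is opaque to
    this app and must not be validated by it."""
    claims = jwt_claims(token)
    return {"aud": claims.get("aud"), "ver": claims.get("ver"), "scp": claims.get("scp")}


def issued_for_own_api(token: str, client_id: str = APP_CLIENT_ID) -> bool:
    """True when the audience is this app: v2 tokens carry the bare client id,
    v1 tokens may carry the api:// App ID URI instead."""
    aud = jwt_claims(token).get("aud")
    return aud in (client_id, f"api://{client_id}")


def _unsigned_jwt(claims: dict) -> str:
    """Build an unsigned token (empty signature) for the constructed samples below."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


# Constructed samples: the v1 Graph token seen with OIDC-only scopes, and the v2
# token for the app's own API once a scope has been exposed on it.
GRAPH_V1_TOKEN = _unsigned_jwt({"aud": "https://graph.microsoft.com", "ver": "1.0",
                                "scp": "email openid profile"})
OWN_API_V2_TOKEN = _unsigned_jwt({"aud": APP_CLIENT_ID, "ver": "2.0", "scp": "access_as_user"})

if __name__ == "__main__":
    for label, tok in (("OIDC scopes", GRAPH_V1_TOKEN), ("own API scope", OWN_API_V2_TOKEN)):
        print(label, describe_access_token(tok), "own api:", issued_for_own_api(tok))
```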