Closed markusg80 closed 2 years ago
Hi @markusg80, please, can you provide a simple-to-follow scenario on how to reproduce this on the latest release of Payara Community Edition? A reproducer should ideally follow the SSCCE rules: http://www.sscce.org/. It will greatly help us to find the cause and fix it.
Yes, I will provide this this week.
So @MeroRai, I think it's a little bit difficult to give you an SSCCE example, because you don't have access to my Azure API. Also, I cannot share this with you. So I can send you the source code of my POC app, but I don't think this will provide additional input to you. The main information of this POC is already provided within the issue description. So maybe you can give me a hint where I can find the code which is creating the different request URLs to the authorization, token and userinfo endpoints, because I already created the request with Postman and there I receive a valid token, and with this I was able to access my REST API.
This is solved with 5.2021.10
I have the following scenario. I have one web app running with Payara 5.2021.6 which gets an access token from Azure with OpenID Connect. Then I have a second web app with a REST API, also running on Payara 5.2021.6. On the web app with the REST API I have an exposed API with the following id (api://433c6e0f-8762-4e14-af2e-c6b568724312/rest_access). On the web app I use the new Bearer authentication with Azure, and when I connect with my Android application everything works great. I can also run the query with Postman and the scope value set to api://433c6e0f-8762-4e14-af2e-c6b568724312/rest_access, and there everything works fine too. But when I try to get an access token in my second web app I get the following error:
My AzureAuthenticationDefinition is this:

```java
@AzureAuthenticationDefinition(
    clientId = "xxxxxxxx-xxxx-xxxx-856d-0df599a8eb34",
    clientSecret = "****",
    claimsDefinition = @ClaimsDefinition(
        callerGroupsClaim = "roles",
        callerNameClaim = "unique_name"
    ),
    tokenAutoRefresh = true,
    tenantId = "7be21829-23c6-4bf2-b4ed-30b2a5d35546",
    redirectURI = "https://poc.cslive-its.ch:9191/resttest-client/Callback",
    scope = {"api://433c6e0f-8762-4e14-af2e-c6b568724312/All.Write"}
)
```
I guess that there is somewhere a logic behind the scenes which destroys my scope values. But this scope is important to call the API on behalf of the user and get the permissions.
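An added example (not from the issue or from Payara): a small Python diagnostic that decodes the access token the client web app received and reports whether the delegated scope requested in the annotation actually appears in the token's `scp` claim and whether `aud` names the exposed API, so a dropped scope can be confirmed on the client side before looking at the REST API. The `scp` and `aud` claim names are Azure AD's; the tokens below are constructed samples and the signature is deliberately not verified, so this is an inspection aid only, never an authorization check.

```python
import base64
import json

# Scope requested for the exposed API (from the issue) and the resource it
# belongs to. Azure may put either the Application ID URI or the bare
# application (client) ID of the API into 'aud', so both are accepted.
REQUESTED_SCOPE = "api://433c6e0f-8762-4e14-af2e-c6b568724312/rest_access"
EXPECTED_AUDS = ("api://433c6e0f-8762-4e14-af2e-c6b568724312",
                 "433c6e0f-8762-4e14-af2e-c6b568724312")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_claims(token: str) -> dict:
    """Return the payload of a compact JWS WITHOUT verifying its signature.
    Diagnostic view only: never base an authorization decision on this."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    return json.loads(_b64url_decode(parts[1]))


def check_token_scope(token: str, requested_scope: str, expected_auds) -> dict:
    """Compare what the client asked for with what the issuer put in the token.
    Delegated scopes live in 'scp' (space separated, scope name only) and the
    resource in 'aud'; a mismatch here is what the API later rejects with 401."""
    claims = decode_claims(token)
    granted = set(claims.get("scp", "").split())
    scope_name = requested_scope.rpartition("/")[2]
    return {
        "aud_matches": claims.get("aud") in expected_auds,
        "scope_granted": scope_name in granted,
        "granted_scopes": sorted(granted),
    }


def make_sample_token(claims: dict) -> str:
    # Constructed, unsigned sample token for offline use (placeholder signature).
    header = _b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url_encode(json.dumps(claims).encode())}.x"
```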