Closed steveworkman closed 2 years ago
Add the "openid profile email" scopes to your scope login parameter, since it seems to be replacing the default ones.
I have my auth section as such:
```json
"auth": {
  "rolesSource": "/api/UserRoles",
  "identityProviders": {
    "azureActiveDirectory": {
      "registration": {
        "openIdIssuer": "https://login.microsoftonline.com/<TENANT_ID>/v2.0",
        "clientIdSettingName": "AZURE_CLIENT_ID",
        "clientSecretSettingName": "AZURE_CLIENT_SECRET"
      },
      "login": {
        "loginParameters": [
          "scope=openid profile email https://graph.microsoft.com/User.Read"
        ]
      }
    }
  }
}
```
Seems to be working like this.
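A pre-deployment check for the situation in the comment above, as an added example that is not part of the thread or of the Static Web Apps project: it parses a `staticwebapp.config.json` document and flags any identity provider whose `scope=` login parameter lacks `openid`, `profile` or `email`. The function name `check_login_scopes` and the sample config are constructed for illustration, and the required-scope set follows the thread's observation that a custom `scope=` value seems to replace the defaults.

```python
import json

# Scopes the thread's fix adds back by hand, because a custom scope= value
# appears to replace the defaults rather than extend them.
REQUIRED_SCOPES = {"openid", "profile", "email"}

# Constructed sample (not from the thread): a v2.0 issuer with scope= set
# but without the identity scopes. <TENANT_ID> is a placeholder.
SAMPLE_BROKEN = """
{
  "auth": {
    "identityProviders": {
      "azureActiveDirectory": {
        "registration": {
          "openIdIssuer": "https://login.microsoftonline.com/<TENANT_ID>/v2.0"
        },
        "login": {
          "loginParameters": ["scope=https://graph.microsoft.com/User.Read"]
        }
      }
    }
  }
}
"""

def check_login_scopes(config_text):
    """Return a list of findings, one per problematic login parameter."""
    config = json.loads(config_text)
    providers = config.get("auth", {}).get("identityProviders", {})
    findings = []
    for name, provider in providers.items():
        issuer = provider.get("registration", {}).get("openIdIssuer", "")
        params = provider.get("login", {}).get("loginParameters", [])
        is_v2 = issuer.rstrip("/").endswith("/v2.0")
        for param in params:
            key, _, value = param.partition("=")
            if key == "resource" and is_v2:
                findings.append(f"{name}: resource= used with a v2.0 issuer; use scope=")
            elif key == "scope":
                missing = REQUIRED_SCOPES - set(value.split())
                if missing:
                    findings.append(f"{name}: scope= is missing {sorted(missing)}")
    return findings

if __name__ == "__main__":
    for finding in check_login_scopes(SAMPLE_BROKEN):
        print(finding)
```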
That works for me - thanks! I couldn't find the syntax for the scope parameter anywhere
The example in the tutorial and this repo use the OpenID 1.0 protocol, with high-level access to resources. As MS now recommends using the newer version, can this tutorial be updated to reflect this?
I ask because I've not been able to get this to work successfully.
A request like this, moving to v2 `openIdIssuer` and swapping the `loginParameters` from `resource` to `scope`, gives me a 403, and I am unable to log in to the application as it doesn't have an `email`. Is there a way to get this to work?