wrobins / cordova-plugin-msal

Use the newest Microsoft MSAL library in your Cordova-based project!
Apache License 2.0

Is user_impersonation scope supported? #17

Closed Perroquiet closed 8 months ago

Perroquiet commented 4 years ago

Hi,

I wanted to use this plugin for our mobile app authentication, but our REST service is old and is based on a V1.0 endpoint. With that, our app AD registration has the API permission user_impersonation, but it is in a different resource/scope.


So I tried adding a scope to the scopes option:

scopes: ['User.Read', 'user_impersonation']

but that didn't work.

I did a bit of research and found that MSAL can be used to communicate and generate a V1.0 token with the permission: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-v1-app-scopes

Will this be supported in the future for this plugin?

wrobins commented 4 years ago

Hello!

Have you tried prepending your API's endpoint URL before the scope (and with two slashes for some endpoints)? For example, if you're using the Azure Resource Manager API for that scope, something like:

scopes: ['User.Read', 'https://management.core.windows.net//user_impersonation']

Or if you can get the URI ID from your Azure console and if it has one scope, you could try:

scopes: ['User.Read', 'YourResourceURI/.default']

Let me know if you've tried either of these options. Thanks!
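
An added example, not code from the plugin or from either commenter: the Microsoft page linked in the question says that, for an API accepting v1.0 tokens, Azure AD takes everything before the last slash of a requested scope as the token audience, which is why a resource URI ending in "/" needs the double slash. The helper names and the `api://constructed-app-id` value below are hypothetical, and the expected audience is an assumption about what the API validates.

```javascript
// Added example: helper names are hypothetical, not part of cordova-plugin-msal.

// Build a scope string for an API that accepts v1.0 tokens:
// "<resource App ID URI>/<permission>". The resource URI is used verbatim,
// so a URI that ends in "/" yields the double slash shown in the thread.
function scopeForV1Resource(resourceUri, permission = '.default') {
  if (typeof resourceUri !== 'string' || resourceUri.length === 0) {
    throw new TypeError('resourceUri must be a non-empty string');
  }
  if (typeof permission !== 'string' || permission.length === 0 ||
      permission.includes('/') || /\s/.test(permission)) {
    throw new TypeError('permission must be a single scope name');
  }
  return `${resourceUri}/${permission}`;
}

// Split a scope at its last slash: the left part is the audience the
// issued token will carry, the right part is the permission name.
function splitScope(scope) {
  const i = scope.lastIndexOf('/');
  if (i === -1) {
    // Bare name such as User.Read: no resource prefix in the string.
    return { audience: null, permission: scope };
  }
  return { audience: scope.slice(0, i), permission: scope.slice(i + 1) };
}

// Check, before passing scopes to the plugin, that a scope will produce
// exactly the audience string the API compares against.
function scopeMatchesAudience(scope, expectedAudience) {
  return splitScope(scope).audience === expectedAudience;
}

// Resource URI taken from the thread; trailing slash assumed to be what the API expects.
const arm = 'https://management.core.windows.net/';
const armScope = scopeForV1Resource(arm, 'user_impersonation');
console.log(armScope, splitScope(armScope));
console.log(scopeMatchesAudience('https://management.core.windows.net/user_impersonation', arm));
```

An API that validates the `aud` claim by exact string comparison rejects the single-slash form, because the derived audience lacks the trailing slash.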