wrobins / cordova-plugin-msal

Use the newest Microsoft MSAL library in your Cordova-based project!
Apache License 2.0

How to Add Multiple Scopes on the var options = {scopes:['']} #47

Open mjboouuu opened 3 years ago

mjboouuu commented 3 years ago

Hi, I am currently integrating Azure AD into a Cordova mobile application with the AngularJS framework. I am able to successfully implement it with one scope, but I am encountering issues on adding another one.

options = {scopes:['scope1', 'scope2']}

Can you please help us with this? Thank you.

wrobins commented 3 years ago

Hello!

Are you seeing any exception being thrown or logged when this happens? If so, could you paste it here to help me understand what might be happening? Remember to double check it and remove any sensitive information before pasting it here.

Best,

ajs-atkinson commented 3 years ago

Hello @wrobins,

I am having a similar issue but related to scopes on different resources.

I need to authenticate using one resource scope then obtain an access token for a different resource (api for organisation in this case). As stated here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-user-gets-consent-for-multiple-resources "The Microsoft identity platform endpoint does not allow you to get a token for several resources at once."

So in my "options" config json when I call msalInit I have: "scopes": ["User.Read"]

And for my call to signInInteractive I have: "otherScopesToAuthorize": [ "api://aaaaaa-bbbbb-cccc-ddddeeee/BrowserAPIs.ReadWrite.All" ]

No matter what I do, the only JWT I get back from calling signInSilent (for "accountMode": "SINGLE") is the JWT for the first resource requested, which only has the "User.Read" scope.

This could be solved if the "acquireTokenSilent" method on the underlying library was exposed by cordova-plugin-msal. For example see https://github.com/wrobins/cordova-plugin-msal/blob/master/src/android/MsalPlugin.java#L324

IAuthenticationResult silentAuthResult = MsalPlugin.this.appSingleClient.acquireTokenSilent(MsalPlugin.this.scopes, authority);
MsalPlugin.this.callbackContext.success(silentAuthResult.getAccessToken());

<<<< acquireTokenSilent is called on the scopes provided at init, but the plugin does not provide a way to provide scopes for a separate/different resource. As a result only an access token for the first resource found in the scopes array is returned.

This is explained here in the msal-browser docs under the section called "Working with Multiple Resources". The msal instance for msal-browser exposes the "acquireTokenSilent" method: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/resources-and-scopes.md#working-with-multiple-resources

It appears that this functionality is not available on the cordova-plugin-msal plugin. If this could be added it would be a great win for the plugin in my opinion :)

Thanks!

dbarn commented 2 years ago

Hi, I'm having the same issue as ajs-atkinson and would love to know if anyone has found a solution. Thanks!

toveram commented 2 years ago

Hello @wrobins,

I am having a similar issue but related to scopes on different resources.

I need to authenticate using one resource scope then obtain an access token for a different resource (api for organisation in this case). As stated here: https://docs.microsoft.com/en-us/azure/active-directory/develop/msal-net-user-gets-consent-for-multiple-resources "The Microsoft identity platform endpoint does not allow you to get a token for several resources at once."

So in my "options" config json when I call msalInit I have: "scopes": ["User.Read"]

And for my call to signInInteractive I have: "otherScopesToAuthorize": [ "api://aaaaaa-bbbbb-cccc-ddddeeee/BrowserAPIs.ReadWrite.All" ]

No matter what I do, the only JWT I get back from calling signInSilent (for "accountMode": "SINGLE") is the JWT for the first resource requested, which only has the "User.Read" scope.

This could be solved if the "acquireTokenSilent" method on the underlying library was exposed by cordova-plugin-msal. For example see https://github.com/wrobins/cordova-plugin-msal/blob/master/src/android/MsalPlugin.java#L324

IAuthenticationResult silentAuthResult = MsalPlugin.this.appSingleClient.acquireTokenSilent(MsalPlugin.this.scopes, authority);
MsalPlugin.this.callbackContext.success(silentAuthResult.getAccessToken());

<<<< acquireTokenSilent is called on the scopes provided at init, but the plugin does not provide a way to provide scopes for a separate/different resource. As a result only an access token for the first resource found in the scopes array is returned.

This is explained here in the msal-browser docs under the section called "Working with Multiple Resources". The msal instance for msal-browser exposes the "acquireTokenSilent" method: https://github.com/AzureAD/microsoft-authentication-library-for-js/blob/dev/lib/msal-browser/docs/resources-and-scopes.md#working-with-multiple-resources

It appears that this functionality is not available on the cordova-plugin-msal plugin. If this could be added it would be a great win for the plugin in my opinion :)

Thanks!

Is any solution available? Please share if a solution has already been found.
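The per-resource behaviour that ajs-atkinson's and toveram's comments describe, as an added example (not code from cordova-plugin-msal or from anyone in this thread): it splits a scope array into one group per resource, since the identity platform issues one access token per audience and each group needs its own silent request, and it inspects a returned access token's `aud` and `scp` claims to see which resource the token actually covers. The token is constructed for the demo, and the `api://aaaaaa-bbbbb-cccc-ddddeeee` application ID is the placeholder value from the thread.

```javascript
// Added example, not part of cordova-plugin-msal. One access token covers one
// resource (audience), so scopes for several resources must be requested one
// resource at a time, e.g. one acquireTokenSilent call per group below.
const GRAPH_RESOURCE = 'https://graph.microsoft.com';
// OIDC scopes are not tied to a resource; MSAL sends them with any request.
const OIDC_SCOPES = new Set(['openid', 'profile', 'email', 'offline_access']);

// Resource a scope belongs to: a bare name such as "User.Read" is a Microsoft
// Graph scope; "api://<app-id>/<perm>" or "https://<host>/<perm>" name theirs.
function resourceOf(scope) {
  const idx = scope.lastIndexOf('/');
  return idx === -1 ? GRAPH_RESOURCE : scope.slice(0, idx);
}

// Map of resource -> scopes; each entry is one silent token request.
function groupScopesByResource(scopes) {
  const groups = new Map();
  for (const s of scopes) {
    if (OIDC_SCOPES.has(s)) continue;
    const res = resourceOf(s);
    if (!groups.has(res)) groups.set(res, []);
    groups.get(res).push(s);
  }
  return groups;
}

// Decode the payload only (no signature check): a client-side diagnostic to see
// which resource a token was issued for. Validating the token is the API's job.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Requested scopes this token does NOT cover: the audience is another resource
// or the scp claim lacks the permission. Note: aud may also be the resource's
// application ID GUID; map that to the resource URI before comparing.
function uncoveredScopes(jwt, scopes) {
  const p = decodePayload(jwt);
  const granted = new Set((p.scp || '').split(' ').filter(Boolean));
  return scopes.filter((s) => resourceOf(s) !== p.aud || !granted.has(s.slice(s.lastIndexOf('/') + 1)));
}

// Constructed sample token (header + payload, placeholder signature) for the demo.
function sampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.placeholder-signature`;
}
const SAMPLE_SCOPES = ['User.Read', 'api://aaaaaa-bbbbb-cccc-ddddeeee/BrowserAPIs.ReadWrite.All'];
const GRAPH_TOKEN = sampleToken({ aud: GRAPH_RESOURCE, scp: 'User.Read' }); // what signInSilent returned
```

Running `uncoveredScopes(GRAPH_TOKEN, SAMPLE_SCOPES)` reports the `api://` scope as uncovered, which is the symptom in the thread: the Graph token was returned, and the second resource needs its own silent request with only its group of scopes.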