
How to add access scopes for APIs #51

Open jenniferestrada opened 3 years ago

jenniferestrada commented 3 years ago

Hi Team-

Can someone help me understand how to add access scopes for APIs to this code? I have tried adding scopes via the scopes array, the protectedResourceMap (as in other instances of MSAL) and the otherScopesToAuthorize array as shown in the screen shot below. In my token, the scopes are always applied towards the MS Graph API in each case.
Can you tell me the correct way to add scopes for accessing APIs?
You will see my decoded token below, where the scope is applied for the Graph API only.

Thank you

5114_bug1

5114_bug2

ivarvh commented 3 years ago

I have the same issue

ivarvh commented 3 years ago

In the meanwhile I have solved my issue, let me know if you are still looking for an answer.

muringmachine commented 3 years ago

Hi @ivarvh - may we know how you solved your issue?

ivarvh commented 3 years ago

In our case we had to set the authorityUrl and we had to set the scopes to ['/.default']

mfbhatt commented 3 years ago

> In our case we had to set the authorityUrl and we had to set the scopes to ['/.default']

Hello @ivarvh, I tried setting the scopes to default and I am getting the following error.

`ERROR: Server returned less scopes than requested`

Can you please let me know what the issue could be?

mfbhatt commented 3 years ago

Hi Team-

Can someone help me understand how to add access scopes for APIs to this code? I have tried adding scopes via the scopes array, the protectedResourceMap (as in other instances of MSAL) and the otherScopesToAuthorize array as shown in the screen shot below. In my token, the scopes are always applied towards the MS Graph API in each case. Can you tell me the correct way to add scopes for accessing APIs? You will see my decoded token below, where the scope is applied for the Graph API only.

Thank you

5114_bug1

5114_bug2

Hi, I am also facing the same issue. Could you please help if you have resolved it?

Thank you.

divakarlasrinivas commented 2 years ago

I am also facing the same issue.

dbarn commented 2 years ago

Hi, I'd really like to be able to do the same thing. I need to be able to access the Graph API and also our own APIs. Basically I need to be able to access multiple scopes. I know this means getting multiple tokens, but I'm not sure how to get the other token.

dbarn commented 2 years ago

In the meanwhile I have solved my issue, let me know if you are still looking for an answer.

I'd like to understand how you did this.

mfbhatt commented 2 years ago

I am not using the Graph API. Once authentication is done I get the OID field and I use that in the application. I only use a single scope to read my API.

dbarn commented 2 years ago

Ok we have found the solution. It's brutal but it works:

document.addEventListener('deviceready', onDeviceReady, false);

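// Option names (authorities, authorizationUserAgent, ...) and the argument
// order of msalInit / signInInteractive / signInSilent are taken from the
// call sites in this snippet; check them against the plugin README for the
// version you install.
const GRAPH_SCOPES = ['User.Read', 'Mail.Send'];
// Constructed example resource scope — replace with your own API's
// Application ID URI and scope name.
const API_SCOPES = ['api://XYZ-TYU-ERT/APIM_APP'];

/**
 * Builds the msalInit options object for one scope list.
 * Each call returns a fresh object, so re-initialising for a second resource
 * never mutates the options that were handed to the first msalInit.
 * @param {string[]} scopes - resource scopes to request on sign-in
 * @returns {object} options accepted by msalPlugin.msalInit
 */
function buildMsalOptions(scopes) {
  return {
    authorities: [
      {
        type: 'AAD',
        audience: 'AzureADMyOrg',
        authorityUrl: '',
        cloudInstance: 'MSALAzurePublicCloudInstance',
        default: true,
      },
    ],
    authorizationUserAgent: 'DEFAULT',
    multipleCloudsSupported: false,
    brokerRedirectUri: false,
    accountMode: 'SINGLE',
    scopes: [...scopes],
  };
}

/**
 * Reports a failed plugin call on the error channel so it is not lost among
 * ordinary log output and names the stage that failed.
 * @param {string} stage - which plugin call failed
 * @param {unknown} err - error value passed by the plugin
 */
function reportMsalError(stage, err) {
  console.error(`MSAL ${stage} failed:`, err);
}

/**
 * Second round trip: re-initialise the plugin with the API scopes and acquire
 * a token for them silently, reusing the session the interactive sign-in
 * established. The token is a bearer credential, so only its arrival is
 * logged, never its contents.
 */
function acquireApiTokenSilently() {
  const plugin = window.cordova.plugins.msalPlugin;
  plugin.msalInit(
    () => {
      plugin.signInSilent(
        () => {
          console.log('TOKEN API: acquired');
        },
        (err) => reportMsalError('signInSilent (API)', err),
      );
    },
    (err) => reportMsalError('msalInit (API)', err),
    buildMsalOptions(API_SCOPES),
  );
}

/**
 * 'deviceready' handler: signs in interactively for the Graph scopes, then
 * re-initialises with the API scopes and signs in silently for a second
 * token. One msalInit only carries one scope list, hence the two rounds.
 */
function onDeviceReady() {
  // Cordova is now initialized.
  console.log(`Running cordova-${cordova.platformId}@${cordova.version}`);

  if (typeof cordova.plugins.msalPlugin === 'undefined') {
    // Previously a silent no-op; say why nothing happens.
    console.error('cordova-plugin-msal is not available; skipping sign-in');
    return;
  }

  const plugin = window.cordova.plugins.msalPlugin;
  plugin.msalInit(
    () => {
      plugin.signInInteractive(
        () => {
          // The Graph token is a bearer credential — confirm receipt only,
          // do not write it to the device console.
          console.log('TOKEN GRAPH: acquired');
          acquireApiTokenSilently();
        },
        (err) => reportMsalError('signInInteractive (Graph)', err),
      );
    },
    (err) => reportMsalError('msalInit (Graph)', err),
    buildMsalOptions(GRAPH_SCOPES),
  );
}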

mfbhatt commented 2 years ago

Thank you very much. It will surely help many people

toveram commented 2 years ago

Ok we have found the solution. It's brutal but it works:

document.addEventListener('deviceready', onDeviceReady, false);

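/**
 * Writes a failed plugin call to the error channel, naming the stage.
 * @param {string} stage - plugin call that failed
 * @param {unknown} err - error value passed by the plugin
 */
function logMsalFailure(stage, err) {
  console.error(`MSAL ${stage} failed:`, err);
}

/**
 * Returns a fresh msalInit options object for the given scopes. A new object
 * per call means the second initialisation cannot disturb the first one's
 * options. Option names follow this snippet; verify against the plugin README.
 * @param {string[]} scopes - resource scopes to request
 * @returns {object} options for msalPlugin.msalInit
 */
function msalOptionsFor(scopes) {
  const authority = {
    type: 'AAD',
    audience: 'AzureADMyOrg',
    authorityUrl: '',
    cloudInstance: 'MSALAzurePublicCloudInstance',
    default: true,
  };
  return {
    authorities: [authority],
    authorizationUserAgent: 'DEFAULT',
    multipleCloudsSupported: false,
    brokerRedirectUri: false,
    accountMode: 'SINGLE',
    scopes: [...scopes],
  };
}

/**
 * Runs msalInit with the given options and then one of the plugin's sign-in
 * calls, routing every failure to logMsalFailure.
 * @param {object} plugin - window.cordova.plugins.msalPlugin
 * @param {object} options - options for msalInit (including scopes)
 * @param {'signInInteractive'|'signInSilent'} method - sign-in call to use after init
 * @param {(token: unknown) => void} onToken - success callback for the sign-in
 */
function initThenSignIn(plugin, options, method, onToken) {
  plugin.msalInit(
    () => plugin[method](onToken, (err) => logMsalFailure(method, err)),
    (err) => logMsalFailure(`msalInit (${options.scopes.join(' ')})`, err),
    options,
  );
}

/**
 * 'deviceready' handler: interactive sign-in for the Graph scopes, followed by
 * a silent sign-in for the API scope. Tokens are bearer credentials, so the
 * handlers only confirm that one arrived and never log its value.
 */
function onDeviceReady() {
  // Cordova is now initialized. Have fun!
  console.log(`Running cordova-${cordova.platformId}@${cordova.version}`);

  if (typeof cordova.plugins.msalPlugin === 'undefined') {
    console.error('cordova-plugin-msal is not available; skipping sign-in');
    return;
  }

  const plugin = window.cordova.plugins.msalPlugin;
  // Constructed example resource scope — replace with your own API's
  // Application ID URI and scope name.
  const apiOptions = msalOptionsFor(['api://XYZ-TYU-ERT/APIM_APP']);
  const graphOptions = msalOptionsFor(['User.Read', 'Mail.Send']);

  initThenSignIn(plugin, graphOptions, 'signInInteractive', () => {
    console.log('TOKEN GRAPH: acquired');
    // One msalInit carries one scope list, so re-initialise for the API.
    initThenSignIn(plugin, apiOptions, 'signInSilent', () => {
      console.log('TOKEN API: acquired');
    });
  });
}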

@dbarn - The above solution is not working for me. I have 5 APIs and each needs a different token. Please help me with this.