msal.js

问题 I have a single page JavaScript (TypeScript) application hosted on Azure as an app service, and I am using Implicit Flow MSAL authentication with Azure AAD with the @msal-browser npm package to authenticate my users. I have configured my MSAL instance to use login redirect. The login works, but the response is very slow: it takes >7 seconds for my app to receive a response. I have included my MSAL config as a code snipit below. The handleRedirectPromise promise is triggered several times with

问题 I have an angular application and an DotNet core web api application. The web api exposes 2 permissions. The angular has susbscribed to those permissions (see screenshot). In the code, I tried this export const loginRequest: { scopes: string[] } = { //scopes: ['user.read', 'openid', 'profile'], //--> I commented out this line. scopes: [] }; export const tokenRequest: { scopes: string[] } = { scopes: ['api://da8b9450-d9b7-4b7f-9667-fdae9a7c8359/API.Access', 'api://da8b9450-d9b7-4b7f-9667

问题 I would like some clarification on how to use ID tokens and access tokens in an implicit grant flow. I have an Angular SPA using MSAL.js for Angular package and a Web API. The API does NOT call any external services, like MSFT Graph. The back end uses role claims from JWT to establish RBAC authorization to our API functionality only. This doc says: https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens id_tokens are sent to the client application as part of an OpenID

来源： https://stackoverflow.com/questions/59154981/returning-email-address-as-part-of-aad-b2c-msal-js-code

来源： https://stackoverflow.com/questions/59154981/returning-email-address-as-part-of-aad-b2c-msal-js-code

问题 I'm using the Microsoft Authentication Library for JavaScript (MSAL.js) version 1.3.2 in my chrome extension built on React JS. I have two login scenario I need to support in order to get a bearer token used in the rest of my application: promptLogin() handles the first time the user authenticates in my extension. getTokenAsync() handles acquiring a bearer token silently for a user who has already authenticated in my extension. This approach returns an id token that I do not use, should I?

问题 I used MSAL JS for authenticating user & thereafter calling acquireTokenPopup(scopes) for Access Token. I am getting the access token, but cannot use it as it says Invalid Signature . (checked in jwt.io too - same error) Over the forum I found it is due to Graph adding nonce. What will be the solution? Please help. Following is the code. tenantConfig = { scopes: ["directory.read.all"] }; this.clientApplication.acquireTokenSilent(this.tenantConfig.scopes).then( function (accessToken) { },

问题 authProvider.getAccessToken() calls the authentication endpoint for every API call, instead of fetching it from the cache. I don't know if the issue is with AcquireTokenSilent in Msal or getAccessToken in react-aad-msal. Using msal 1.2.1 and react-aad-msal 2.3.2 Api call helper: import { config } from '../config'; import { authProvider } from './../authProvider'; export const callApi = async (method: 'GET' | 'POST' | 'PUT' | 'DELETE', path: string, data?: any) => { const token = await

问题 authProvider.getAccessToken() calls the authentication endpoint for every API call, instead of fetching it from the cache. I don't know if the issue is with AcquireTokenSilent in Msal or getAccessToken in react-aad-msal. Using msal 1.2.1 and react-aad-msal 2.3.2 Api call helper: import { config } from '../config'; import { authProvider } from './../authProvider'; export const callApi = async (method: 'GET' | 'POST' | 'PUT' | 'DELETE', path: string, data?: any) => { const token = await

问题 I have a Reactjs app (aka Single-page Application) that is uploaded in Dynamics 365 Customer Engagement (formerly CRM) as a web resource. This web resource or app is displayed in an IFRAME inside an entity form and therefore this small app already has direct access to Dynamics 365 data using the Xrm object. All good. What I'm trying to accomplish with this app is to get it to connect to SharePoint via Microsoft Graph API and upload files and create folders. Since the user is already signed in