Two similar tokens, but one is not working
Maybe we have someone who understands tokens well. I have a .NET Core web app with Microsoft OpenID authentication and token acquisition to call downstream APIs:

```csharp
// Sign users in with OpenID Connect and enable token acquisition
// for downstream APIs, backed by an in-memory token cache.
services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi()
    .AddInMemoryTokenCaches();
```
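I am getting a token from the API like this:

```csharp
using System.Net.Http;
using System.Net.Http.Headers;

// Acquire an access token on behalf of the signed-in user for the requested scope.
string[] scopes = { "Service.Development" };
string accessToken = await _tokenAcquisition.GetAccessTokenForUserAsync(scopes);
// Send it as a Bearer token to the Azure API Management endpoint.
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
var responseRaw = await client.GetAsync("https://link_to_azure_apim_endpoint");
```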
The above is not working, but a token received using PowerShell just works perfectly:

```powershell
Connect-AzAccount -TenantId 9f69edf3-***
(Get-AzAccessToken -ResourceUrl api://my-service -TenantId 9f69edf3-***).Token
```
Both tokens are really similar; here are the differences:

- iat, nbf and exp, but it's normal.
- aio - An internal claim used by Azure AD to record data for token reuse. I guess it's normal.
- appid, but both IDs are added to Authorized client applications to the API's app registration
- appidacr, 0 is working and 1 is not
- uti - but I also guess it's normal
What do you guys think I am missing?
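
The claim-by-claim comparison listed in the question can be done mechanically. The following is an added example, not part of the original post: it decodes two token payloads without verifying signatures and reports only the claims that differ beyond the per-issuance ones. The sample tokens, the `app-id-*` values and the helper names are constructed placeholders; the `appidacr` meanings are those Microsoft documents for v1.0 access tokens.

```python
import base64
import json

# Claims that change on every issuance, so a difference in them is expected.
PER_ISSUANCE = {"iat", "nbf", "exp", "aio", "uti"}
# How the client authenticated when the token was issued (v1.0 access tokens).
APPIDACR = {"0": "public client", "1": "client ID + secret", "2": "client certificate"}

def decode_claims(jwt: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying it (debugging only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def diff_claims(failing: str, working: str) -> dict:
    """Map claim -> (value in failing token, value in working token) for real differences."""
    a, b = decode_claims(failing), decode_claims(working)
    return {
        name: (a.get(name), b.get(name))
        for name in sorted(set(a) | set(b))
        if name not in PER_ISSUANCE and a.get(name) != b.get(name)
    }

def _make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real Azure AD token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"

# Constructed sample payloads; every value below is a placeholder.
COMMON = {"aud": "api://my-service", "scp": "Service.Development"}
WEB_APP_TOKEN = _make_token({**COMMON, "iat": 1700000000, "exp": 1700003600,
                             "uti": "aaa", "appid": "app-id-web", "appidacr": "1"})
POWERSHELL_TOKEN = _make_token({**COMMON, "iat": 1700000500, "exp": 1700004100,
                                "uti": "bbb", "appid": "app-id-powershell", "appidacr": "0"})

if __name__ == "__main__":
    for claim, (bad, good) in diff_claims(WEB_APP_TOKEN, POWERSHELL_TOKEN).items():
        print(f"{claim}: failing={bad!r} working={good!r}")
        if claim == "appidacr":
            print(f"  failing: {APPIDACR.get(bad)}; working: {APPIDACR.get(good)}")
```

Decoding without signature verification is suitable only for inspecting tokens you already hold; the API must still validate them.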
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
