
Background:

I am trying to get an Angular SPA to work with a PostgREST API backend, using Azure Active Directory as the identity provider for getting a JWT. The test app works using Auth0 -- I am able to authenticate a user, get an access token, and pass that token to the PostgREST backend, which validates the token, checks the user's group and then allows access. My issue is when I switch out from Auth0 to Azure AD.

To start with, I've switched out the Auth0 code for MSFT's msal-angular library.

This works a little bit. I can secure a custom component with a guard. Navigation to the component prompts for an Azure AD login, and my test app successfully gets an identity token back.

When I go hit the API backend, the MSAL interceptor successfully puts a Bearer token into the headers -- though not a usable token, as this is the identity token, not the access token.

My Question:

According to the MSFT docs on using OAuth Implicit flow, I need to set the response_type to both id_token and token.

However, I cannot find anything in the MSAL for Angular documentation on how to do that.

Is it possible?

BVD
  • Can you share the code you're using currently, which is providing the unexpected behavior? – Philippe Signoret Nov 12 '18 at 12:53
  • The MSAL Angular library should handle getting the token with the appropriate response_type and you don't have to modify it, so it is not configurable. What is the error you are receiving when accessing the API? Also, if your backend API is registered in Azure AD with the same app ID as your client SPA, the access token returned is the same as the ID token. – Navya Canumalla Jan 30 '19 at 06:01

0 Answers