
I am trying to execute the OAuth2 code flow to get an access token, but I am not able to fetch the built-in email scope.

Below is my setup.

  1. I have registered an application in Azure Active Directory. Let's say the app id is APP1.
  2. I am using the V2 endpoint to obtain the 'code' from the 'authorize' endpoint.

Below is the piece of code:

    using System;
    using System.Net.Http;
    using Microsoft.AspNetCore.Mvc;
    using Microsoft.IdentityModel.Clients.ActiveDirectory; // ADAL

    [HttpPost]
    public IActionResult Index(MyModel myModel)
    {
        // Unused: the browser is redirected, nothing is requested from here.
        HttpClient client = new HttpClient();

        // Step 1: v2.0 authorize endpoint, requesting the openid and email scopes.
        var authEndpoint = "https://login.microsoftonline.com/{my-tenant-id}/oauth2/v2.0/authorize?client_id=APP1&response_type=code&scope=openid+email";

        return Redirect(authEndpoint);
    }

    public IActionResult Callback(string code, string error)
    {
        Console.WriteLine("callback");

        // Step 2: note that the 'code' parameter is never used below.
        AuthenticationContext context = new AuthenticationContext("https://login.microsoftonline.com/9e8754b6-f9cd-4aed-974d-a0ec0f3ed703");
        ClientCredential cc = new ClientCredential("APP1", "xxxxxxx/_");
        var resource = "c4887ff4-f750-4f1b-9781-744affe6fee2";

        // AcquireTokenAsync(resource, ClientCredential) performs the client credentials grant.
        var r = context.AcquireTokenAsync(resource, cc).Result;

        // Unused: the v2.0 token endpoint is never called.
        var tokenEndpoint = "https://login.microsoftonline.com/9e8754b6-f9cd-4aed-974d-a0ec0f3ed703/oauth2/v2.0/token";
        return Ok("");
    }

Note that I am requesting two scopes: openid and email.

I am getting the callback with the appropriate code, which I then trade for an access token using the ADAL library.

I am getting back the access token, but the scope is missing in the access token. Please see the snap below.


user2243747

1 Answer


You are using the wrong method on the confidential client app object. You aren't using the code value. So you are acquiring a token through the client credentials flow, which never has scopes since it is an app-only flow. Use the method/overload that accepts an authorisation code :)

juunas
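The flow the answer describes, as an added example that is not code from the question or the answer. The callback spends the authorization code with grant_type=authorization_code instead of calling the client-credentials overload, and the exchange is made with a plain HttpClient against the v2.0 token endpoint the question already names (ADAL's AuthenticationContext targets the v1 endpoint, so it cannot express the v2.0 scope request). It also adds a state parameter, which the original code lacks, so that a callback this app did not start is rejected. The tenant, client secret, redirect URI, controller and action names are assumed placeholders; the code assumes .NET 6 or later and that session state is enabled in the app (services.AddSession() and app.UseSession()).

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Added example, not from the question or the answer. Assumed values below are
// placeholders; in a real app they come from configuration, not source.
public class OAuthController : Controller
{
    private static readonly HttpClient Http = new HttpClient();

    private const string TenantId     = "{my-tenant-id}";                       // assumed placeholder
    private const string ClientId     = "APP1";                                 // app id from the question
    private const string ClientSecret = "<client-secret-from-configuration>";   // assumed placeholder
    private const string RedirectUri  = "https://localhost:5001/OAuth/Callback"; // assumed; must be registered on APP1
    private const string Scopes       = "openid email";

    private static readonly string Authority =
        $"https://login.microsoftonline.com/{TenantId}/oauth2/v2.0";

    // Step 1: send the browser to /authorize. 'state' is a random value tied to
    // this session so a callback we did not initiate is rejected (login CSRF).
    [HttpGet]
    public IActionResult Login()
    {
        var state = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        HttpContext.Session.SetString("oauth_state", state);

        var url = $"{Authority}/authorize"
                + $"?client_id={Uri.EscapeDataString(ClientId)}"
                + "&response_type=code"
                + $"&redirect_uri={Uri.EscapeDataString(RedirectUri)}"
                + $"&scope={Uri.EscapeDataString(Scopes)}"
                + $"&state={state}";
        return Redirect(url);
    }

    // Step 2: trade the code for tokens with grant_type=authorization_code.
    // This is the delegated (user) flow, so the response carries the granted
    // scopes. grant_type=client_credentials, which is what
    // AcquireTokenAsync(resource, cc) performs, is app-only and carries none.
    [HttpGet]
    public async Task<IActionResult> Callback(string code, string state, string error)
    {
        if (!string.IsNullOrEmpty(error))
            return BadRequest($"authorize failed: {error}");

        var expected = HttpContext.Session.GetString("oauth_state");
        HttpContext.Session.Remove("oauth_state");                  // single use
        if (expected == null || state == null ||
            !CryptographicOperations.FixedTimeEquals(
                Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(state)))
            return BadRequest("state mismatch");

        if (string.IsNullOrEmpty(code))
            return BadRequest("no authorization code in callback");

        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["grant_type"]    = "authorization_code",
            ["client_id"]     = ClientId,
            ["client_secret"] = ClientSecret,
            ["code"]          = code,
            ["redirect_uri"]  = RedirectUri,   // must match the /authorize request exactly
            ["scope"]         = Scopes,
        });

        using var response = await Http.PostAsync($"{Authority}/token", form);
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
            return StatusCode(502, body);      // body carries error/error_description from AAD

        using var json = JsonDocument.Parse(body);
        var root = json.RootElement;
        var grantedScopes = root.TryGetProperty("scope", out var s) ? s.GetString() : "(none)";
        var accessToken = root.GetProperty("access_token").GetString();

        // Keep tokens server-side; only metadata goes back to the browser.
        return Ok(new { scope = grantedScopes, access_token_length = accessToken?.Length ?? 0 });
    }
}
```

The token response's `scope` field is the quickest check: with the authorization-code grant it lists what the user consented to, whereas a client-credentials response has no such field and the token carries no scp claim, which is exactly the symptom in the question. The redirect_uri sent to /token must be byte-for-byte the one sent to /authorize, or the exchange is refused.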