
I am using the react-aad-msal and msal packages for implementing authentication using Azure Active Directory. I am able to get the access token, but every time the token is validated as "Invalid token" by the back end (.NET Core). The server is throwing the error below.

System.UnauthorizedAccessException: Neither scope or roles claim was found in the bearer token.

I am able to access all web services by authenticating with response_type "code" in Postman.

I have tried to decode the token in jwt.io. It is clearly an issue with the scope. I am attaching an image of the config file in React.

config

In the image, the blurred part in blue color is clientId from AAD app.

In the above config, I have provided the scope, but after decoding the token I am not getting the scope field.

1 Answer

You cannot directly request /common, because it will not be able to respond to your scope or role because you can't find the tenant you want to request the token. You should add your tenant URI (domain.onmicrosoft.com) or tenant ID when requesting.

https://login.microsoftonline.com/{your-tenant-uri-or-your-tenant-id}/oauth2/v2.0/token


Carl Zhao
  • Thanks for the solution @Carl. However, I am still not getting the scope in the token. Do you have any idea regarding the same? – Yash Madlani Jun 17 '20 at 06:26
  • I'm having the same issue: https://stackoverflow.com/questions/64193349/idw10201-neither-scope-or-roles-claim-was-found-in-the-bearer-token – 1iveowl Oct 04 '20 at 10:38
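
The check the question does by hand in jwt.io, as an added example that is not part of the original posts: a Node.js helper that decodes a token's payload without verifying the signature and reports the tenant, issuer and whether the `scp` or `roles` claim the back end asks for is present. The tenant ID, audience and scope name in the sample tokens are constructed placeholders, and `makeSampleToken` is a hypothetical helper used only to build them.

```javascript
// Added example: inspect an Azure AD token's claims the way jwt.io does.
// It does NOT verify the signature, so use it for debugging only.
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function inspectToken(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) {
    throw new Error("expected header.payload.signature");
  }
  const claims = decodeSegment(parts[1]);
  // Azure AD puts delegated scopes in "scp" (space separated) and
  // application roles in "roles" (array).
  const scopes = typeof claims.scp === "string"
    ? claims.scp.split(" ").filter(Boolean) : [];
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  return {
    audience: claims.aud,
    issuer: claims.iss,
    tenantId: claims.tid,
    scopes,
    roles,
    hasScopeOrRoles: scopes.length > 0 || roles.length > 0,
  };
}

// Constructed sample tokens (placeholder tenant, audience and scope name).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(claims), "sig"].join(".");
}
const TENANT = "00000000-0000-0000-0000-000000000000";
const base = {
  iss: `https://login.microsoftonline.com/${TENANT}/v2.0`,
  tid: TENANT,
  aud: "api://constructed-client-id",
};
const tokenWithoutScope = makeSampleToken(base);
const tokenWithScope = makeSampleToken({ ...base, scp: "access_as_user" });

for (const t of [tokenWithoutScope, tokenWithScope]) {
  console.log(inspectToken(t));
}
```

A token for which `hasScopeOrRoles` is false is the case the server error above describes; comparing `tenantId` and `issuer` with the authority configured in the client shows which tenant actually issued it.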