0

I'm trying to upgrade our current MSAL 1.4 auth strategy to MSAL 2.0.

I can successfully log in and get an access token using msal-browser; however, when I try to pass that to our backend as a Bearer token I get an Invalid Token error.

Our current backend uses Hapi.js and jwks-rsa to get a list of Keys from https://login.microsoftonline.com/common/discovery/keys and I think this is where the issue lies.

Looking at the AccessToken on jwt.io, the x5t and kid values do not match the publicly listed values, which, as I understand it, means the two keys will not authenticate.

Where am I going wrong?

Dan Kelly

1 Answer

0

You need to define a scope for your API inside the Azure Portal, then create an API permission with the newly created scope. The access token is successfully decoded by hapi-auth-jwt, after which you should do another internal level of authentication inside the enter validate() function to return isValid: true if the internal auth returned correct results.

Rutha
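
A pre-check a backend could run before handing the token to jwks-rsa and hapi-auth-jwt, added here as an example (not code from the question or the answer): it decodes the header and payload without verifying anything and reports whether the `kid` is in the fetched key set and whether `aud` names this API, which is what changes once the client requests the API's own scope. The key ids, audience value and tokens are constructed samples, and `diagnoseToken` is a hypothetical helper name.

```javascript
// Added example: explain why a bearer token fails JWKS validation.
// All kids, audiences and tokens below are constructed sample values.

// Decode one base64url JWT segment to an object (no signature check).
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Return the reasons a token would be rejected before its signature is checked.
function diagnoseToken(token, jwks, expectedAudience) {
  const parts = token.split('.');
  if (parts.length !== 3) return ['not a compact JWS (expected 3 segments)'];
  let header, payload;
  try {
    header = decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (err) {
    return ['header or payload is not valid base64url JSON'];
  }
  const findings = [];
  if (header.alg !== 'RS256') findings.push(`unexpected alg ${header.alg}`);
  if (!jwks.keys.some((k) => k.kid === header.kid)) {
    findings.push(`kid ${header.kid} not in key set`);
  }
  const aud = Array.isArray(payload.aud) ? payload.aud : [payload.aud];
  if (!aud.includes(expectedAudience)) {
    findings.push(`aud ${aud.join(',')} is not this API (${expectedAudience})`);
  }
  return findings;
}

// Constructed inputs: an unsigned token builder, a one-key JWKS, an API audience.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const makeToken = (h, p) => `${enc(h)}.${enc(p)}.c2lnbmF0dXJl`;
const sampleJwks = { keys: [{ kid: 'sample-kid-1', kty: 'RSA' }] };
const API_AUDIENCE = 'api://sample-api-client-id';

// Token issued for some other resource vs. token issued for this API.
const otherResourceToken = makeToken(
  { alg: 'RS256', kid: 'sample-kid-9' }, { aud: 'sample-other-resource' });
const apiToken = makeToken(
  { alg: 'RS256', kid: 'sample-kid-1' }, { aud: API_AUDIENCE });

console.log(diagnoseToken(otherResourceToken, sampleJwks, API_AUDIENCE));
console.log(diagnoseToken(apiToken, sampleJwks, API_AUDIENCE));
```

An empty result only means the token is addressed to this API and names a known key; signature, issuer and expiry checks still belong to the JWT validation in hapi-auth-jwt.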