I registered two applications in Azure AD, both set to multi-tenant, added users and gave them roles. In my C# code I set tenant_id to "/common":

using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.Audience = Environment.GetEnvironmentVariable("AzureAd_ResourceId");
        // "/common" authority: tokens may come from any Azure AD tenant
        options.Authority = $"{Environment.GetEnvironmentVariable("AzureAd_Instance")}/common";
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // the API's App ID URI, which the token's "aud" claim must match
            ValidAudience = $"api://{Environment.GetEnvironmentVariable("AzureAd_ResourceId")}",
            // issuer differs per tenant, so built-in issuer validation is switched off ...
            ValidateIssuer = false
        };
        options.Events = new JwtBearerEvents
        {
            // ... and replaced by a prefix check on the (v1) issuer URL
            OnTokenValidated = context =>
            {
                if (!context.SecurityToken.Issuer.StartsWith("https://sts.windows.net/"))
                    throw new SecurityTokenValidationException();
                return Task.CompletedTask;
            }
        };
    });
I also put "/common" in the Angular application:

import { BrowserCacheLocation, IPublicClientApplication, PublicClientApplication } from '@azure/msal-browser';
import { environment } from '../environments/environment';

// IE 11 needs the auth state kept in a cookie across redirects
const isIE = window.navigator.userAgent.indexOf('MSIE ') > -1
  || window.navigator.userAgent.indexOf('Trident/') > -1;

export function MSALInstanceFactory(): IPublicClientApplication {
  return new PublicClientApplication({
    auth: {
      clientId: environment.uiClientId,
      authority: environment.tenantId, // holds the "/common" authority URL
      redirectUri: environment.appUrl,
      postLogoutRedirectUri: environment.appUrl
    },
    cache: {
      cacheLocation: BrowserCacheLocation.LocalStorage,
      storeAuthStateInCookie: isIE // set to true for IE 11
    }
  });
}
I ended up getting a 403 response because there is no role in the received token.

[screenshot: 403 response]
[screenshot: no valid token]

I also don't understand why my Swagger application gets the user role correctly in the token even though the two applications are registered exactly the same.

[screenshot: valid token]

Can you tell me what I'm doing wrong? Thanks in advance for your help!
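The following is an added example, not code from the question, from MSAL or from ASP.NET Core. It decodes an Azure AD v1 access token offline and applies the checks the API configuration above implies (audience `api://<resource id>`, issuer pinned to the tenant in the token, presence of the `roles` claim that the 403 indicates is missing), so the token the Angular app acquires can be compared claim by claim with the one Swagger acquires. It also makes explicit a caveat of the posted configuration: with a "/common" authority and `ValidateIssuer = false`, only the `https://sts.windows.net/` prefix is checked, so an optional tenant allow-list is included. The tenant id, resource id and both sample tokens are constructed placeholders, and the signature segment is a dummy; this code does not verify signatures, which the API must still do against the tenant's signing keys before trusting any claim.

```typescript
// Added example (not from the question, MSAL or ASP.NET Core): decode an
// Azure AD v1 access token offline and apply the checks the API above implies,
// so the token the SPA obtains can be compared with the one Swagger obtains.
// Signatures are NOT verified here; the API must still verify them against
// the tenant's signing keys before trusting any claim.

interface AadClaims {
  aud?: string;
  iss?: string;
  tid?: string;
  roles?: string[];
  scp?: string;
  [claim: string]: unknown;
}

interface CheckResult { ok: boolean; roles: string[]; problems: string[]; }

const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Minimal base64url codec for ASCII payloads (no Buffer/atob dependency).
function base64UrlEncode(text: string): string {
  let out = "", buf = 0, bits = 0;
  for (let i = 0; i < text.length; i++) {
    buf = (buf << 8) | (text.charCodeAt(i) & 0xff);
    bits += 8;
    while (bits >= 6) { bits -= 6; out += B64[(buf >> bits) & 0x3f]; }
    buf &= (1 << bits) - 1;
  }
  if (bits > 0) out += B64[(buf << (6 - bits)) & 0x3f];
  return out.replace(/\+/g, "-").replace(/\//g, "_"); // JWT segments carry no '=' padding
}

function base64UrlDecode(input: string): string {
  const s = input.replace(/-/g, "+").replace(/_/g, "/").replace(/=+$/, "");
  let out = "", buf = 0, bits = 0;
  for (let i = 0; i < s.length; i++) {
    const v = B64.indexOf(s.charAt(i));
    if (v < 0) throw new Error(`invalid base64url character: ${s.charAt(i)}`);
    buf = (buf << 6) | v;
    bits += 6;
    if (bits >= 8) { bits -= 8; out += String.fromCharCode((buf >> bits) & 0xff); }
    buf &= (1 << bits) - 1;
  }
  return out;
}

function decodeJwt(token: string): { header: Record<string, unknown>; claims: AadClaims } {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS: expected header.payload.signature");
  return {
    header: JSON.parse(base64UrlDecode(parts[0])),
    claims: JSON.parse(base64UrlDecode(parts[1])) as AadClaims,
  };
}

// The API side: "aud" must be api://<resource id>, "iss" must be the v1 STS URL
// of the tenant named in "tid", and (because a "/common" authority with
// ValidateIssuer = false would otherwise accept tokens from any Azure AD
// tenant) the tenant can be restricted to an allow-list. No "roles" means 403.
function checkAccessToken(token: string, resourceId: string, allowedTenants?: string[]): CheckResult {
  const { claims } = decodeJwt(token);
  const problems: string[] = [];
  const expectedAud = `api://${resourceId}`;
  if (claims.aud !== expectedAud) problems.push(`aud "${claims.aud}" is not "${expectedAud}"`);
  if (!claims.tid) {
    problems.push("no tid claim");
  } else {
    if (claims.iss !== `https://sts.windows.net/${claims.tid}/`)
      problems.push(`iss "${claims.iss}" does not match tenant ${claims.tid}`);
    if (allowedTenants && allowedTenants.indexOf(claims.tid) < 0)
      problems.push(`tenant ${claims.tid} is not allowed`);
  }
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  if (roles.length === 0) problems.push("no roles claim in token");
  return { ok: problems.length === 0, roles, problems };
}

// Constructed sample values; the signature segment is a placeholder.
const TENANT = "11111111-1111-1111-1111-111111111111";
const RESOURCE_ID = "22222222-2222-2222-2222-222222222222";

function makeUnsignedToken(claims: AadClaims): string {
  const header = base64UrlEncode(JSON.stringify({ typ: "JWT", alg: "none" }));
  return `${header}.${base64UrlEncode(JSON.stringify(claims))}.placeholder-signature`;
}

// A token shaped like the one Swagger gets (has roles) and one shaped like the
// SPA's (same audience and tenant, but no roles claim).
const SWAGGER_LIKE_TOKEN = makeUnsignedToken({
  aud: `api://${RESOURCE_ID}`, iss: `https://sts.windows.net/${TENANT}/`, tid: TENANT,
  roles: ["Admin"], scp: "access_as_user",
});
const SPA_LIKE_TOKEN = makeUnsignedToken({
  aud: `api://${RESOURCE_ID}`, iss: `https://sts.windows.net/${TENANT}/`, tid: TENANT,
  scp: "access_as_user",
});

for (const t of [SWAGGER_LIKE_TOKEN, SPA_LIKE_TOKEN]) {
  console.log(JSON.stringify(checkAccessToken(t, RESOURCE_ID, [TENANT])));
}
```

To use it on a real token, paste the access token MSAL returns (for example from `acquireTokenSilent`) in place of the constructed sample and pass your API's application id; the `problems` list then states exactly which of the API's checks would fail, and comparing the decoded claims of the Swagger token and the Angular token shows whether the two were issued for the same audience and tenant.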