Sunday, March 14, 2021

Is it possible to get b2c access token with multiple values in "aud" claim so that the same token used at multiple APIs?

I was able to get an access token from b2c after registering the API-1 and Test client application in azure portal and by following the documentation at: https://docs.microsoft.com/en-us/azure/active-directory-b2c/access-tokens and other related documentation.

This token contains "aud" with the single client id of API-1 because that is what the token is intended for. So far so good.

Next I would like to get an access token that I would like to use at API-1, API-2 and API-3 (each API is registered as a different client/application with b2c). Fortunately all of these APIs use the same authorization server. This would allow each of the APIs to check the incoming access token (from my test application) for its client id in the "aud" field.

The OpenID spec (https://openid.net/specs/openid-connect-core-1_0.html) says that this should be possible for "aud" as shown below:

aud REQUIRED. Audience(s) that this ID Token is intended for. It MUST contain the OAuth 2.0 client_id of the Relying Party as an audience value. It MAY also contain identifiers for other audiences. In the general case, the aud value is an array of case sensitive strings. In the common special case when there is one audience, the aud value MAY be a single case sensitive

But I have no idea how to configure b2c or my client code so that I can get an access token that has all 3 client ids in the "aud" field, indicating it can be used at any of these 3 APIs. I could not find any information on how to make this work with b2c.

Any links or documentation and a brief discussion of how I can make this work would be very helpful.

https://stackoverflow.com/questions/66619415/is-it-possible-to-get-b2c-access-token-with-multiple-values-in-aud-claim-so-th March 14, 2021 at 07:00AM
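Whatever the issuer ends up putting in "aud", the resource-server side of the question is fixed by RFC 7519 / OIDC Core: "aud" may be a single string or an array of case-sensitive strings, and an API must accept the token only if its own client id is one of those values. The following added example (not from the question, the answers, or Microsoft) shows that check with an HS256 token minted under a constructed shared secret and constructed client ids; a real Azure AD B2C API would instead verify an RS256 signature against the tenant's published keys, but the audience logic is the same.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values; none of these are real Azure AD B2C identifiers.
API_1 = "11111111-1111-1111-1111-111111111111"
API_2 = "22222222-2222-2222-2222-222222222222"
API_3 = "33333333-3333-3333-3333-333333333333"
SECRET = b"constructed-shared-secret"  # stands in for the issuer's signing key


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(aud, issuer="https://issuer.example/constructed", ttl=3600) -> str:
    """Issue an HS256 JWT; 'aud' is stored as given (string or list), as RFC 7519 allows."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": issuer, "aud": aud, "exp": int(time.time()) + ttl}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def audience_matches(aud_claim, my_client_id: str) -> bool:
    """RFC 7519 4.1.3: 'aud' is one string or an array of case-sensitive strings.
    Accept only if this API's own client id is among them; reject if absent or malformed."""
    if isinstance(aud_claim, str):
        return aud_claim == my_client_id
    if isinstance(aud_claim, list):
        return any(isinstance(a, str) and a == my_client_id for a in aud_claim)
    return False


def validate_for_api(token: str, my_client_id: str, now=None) -> bool:
    """Resource-server check: pinned algorithm, signature, expiry, then audience."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":  # never trust 'alg' from the token
        return False
    expected = hmac.new(SECRET, (h + "." + p).encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return False
    claims = json.loads(_b64url_decode(p))
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return False
    return audience_matches(claims.get("aud"), my_client_id)
```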
