Hello, I am working on a Server to Server – Client Credentials Grant, a scenario in which the unattended client application needs to be issued a token for the specified resource. I have specified appRoles in my application manifest in Azure.
..., "appRoles": [
    {
        "allowedMemberTypes": [
            "Application"
        ],
        "description": "...",
        "displayName": "PCN",
        "id": "9bb196cc-...-3680b9906f3f",
        "isEnabled": true,
        "origin": "Application",
        "value": "..."
    },
    {
        "allowedMemberTypes": [
            "Application"
        ],
        "description": "...",
        "displayName": "PUN",
        "id": "585bfe19-89...-8ac2-65b0abfaad4f",
        "isEnabled": true,
        "origin": "Application",
        "value": ".."
    }
],...
However, the returned JWT does not contain appRoles in the payload:
{
    "aud": "http://...onmicrosoft.com/...",
    "iss": "https://...windows.net/.../",
    "iat": 1434743085,
    "nbf": 1434743085,
    "exp": 1434746985,
    "ver": "1.0",
    "tid": "190f4bb...9c19923917",
    "oid": "4911016...e-a571e079d8b2",
    "sub": "491101...0e-a571e079d8b2",
    "idp": "https://sts.windows.net/.../",
    "appid": "817ceb3...-b698-88bfb180e087",
    "appidacr": "1"
}
Am I missing something in app configuration in Azure, or in how I am requesting the token?
AuthenticationResult ar;
ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);
try
{
    ar = authContext.AcquireToken(resourceUri, clientCredential);
}
catch (Exception e)
{
    ...
}
JObject payload = new JObject();
payload["access_token"] = ar.AccessToken;
...
The two added roles appear for configuration in Azure, and I have assigned them to the Application:
Perhaps, I need a different approach for application-specific roles or permissions, which I figure need to be properly entered into the manifest.
Thank you
Tom Schulte / Plex Systems
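A diagnostic check for the situation described in the post, added here as an example and not part of the original post: it decodes an access token's payload and reports which expected application role values are absent. It assumes Azure AD's access-token format, in which granted application roles are emitted in a `roles` claim; the role names, audience and sample tokens are constructed placeholders, since the post elides the real values.

```python
import base64
import json


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def decode_payload(jwt: str) -> dict:
    """Return the claims of a compact JWT WITHOUT verifying the signature.

    Diagnostic use only: a resource must validate signature, iss, aud and
    exp before trusting any claim.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    claims = json.loads(b64url_decode(parts[1]))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def missing_app_roles(claims: dict, expected: set) -> set:
    """Return the expected app role values absent from the 'roles' claim."""
    roles = claims.get("roles", [])  # claim name assumed from Azure AD's token format
    if isinstance(roles, str):  # tolerate a single role emitted as a string
        roles = [roles]
    return set(expected) - set(roles)


def _make_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data)."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT', 'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: claim shape follows the payload in the post, values are placeholders.
BASE = {"aud": "https://resource.example", "appid": "client-app-placeholder",
        "appidacr": "1", "ver": "1.0"}
TOKEN_WITHOUT_ROLES = _make_token(BASE)
TOKEN_WITH_ROLES = _make_token({**BASE, "roles": ["Role.A.Placeholder"]})
EXPECTED = {"Role.A.Placeholder", "Role.B.Placeholder"}

if __name__ == "__main__":
    for name, tok in [("without roles", TOKEN_WITHOUT_ROLES), ("with roles", TOKEN_WITH_ROLES)]:
        print(name, "-> missing:", sorted(missing_app_roles(decode_payload(tok), EXPECTED)))
```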