There is an App Registration in Azure where the client id is 00001111-aaaa-2222-bbbb-3333cccc4444, a scope is api://3f4c1d35-3161-4c45-b5ec-ff7be4e89473/access_as_user and a redirect URI is https://jwt.ms. What would be the browser-openable URL that redirects to https://jwt.ms and shows a JWT with the scope in it?

If one uses the Azure CLI, the commands would be something like

az login --scope api://3f4c1d35-3161-4c45-b5ec-ff7be4e89473/access_as_user
az account get-access-token --resource "api://3f4c1d35-3161-4c45-b5ec-ff7be4e89473" --scope "api://3f4c1d35-3161-4c45-b5ec-ff7be4e89473/access_as_user" --query accessToken

If one uses the following URL

https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=00001111-aaaa-2222-bbbb-3333cccc4444
&response_type=id_token
&redirect_uri=https%3A%2F%2Fjwt.ms
&scope=openid%20api%3A%2F%2F3f4c1d35-3161-4c45-b5ec-ff7be4e89473%2Faccess_as_user
&response_mode=fragment
&state=12345
&nonce=678910

the scope is not included in the JWT.

1 Answer

Here is how to do this:

Register a Single-Tenant Microsoft Entra ID Application and add redirect_uri: https://jwt.ms:

Configure the Authentication tab of the application like below:

Add the Application ID URI and expose an API access_as_user like below:

Now add the access_as_user permission and grant Admin Consent:

Now, run the below request in the browser:

https://login.microsoftonline.com/<tenant-id>/oauth2/v2.0/authorize?
client_id=<application-id>
&response_type=token
&redirect_uri=https://jwt.ms
&scope=api://<application-id>/access_as_user
&response_mode=fragment
&state=12345
&nonce=678910

You should now successfully get scp in your JWT:
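
Added example, not part of the original answer: the answer's URL differs from the question's in `response_type`, and `token` returns an access token, the token type that carries `scp`, while `id_token` returns an ID token that does not. The sketch below builds the authorize URL with correct percent-encoding and reads `scp` from the fragment that lands on the redirect URI; the function names are hypothetical and the sample tokens are constructed and unsigned.

```python
import base64
import json
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"

def build_authorize_url(tenant, client_id, scope, response_type="token",
                        redirect_uri="https://jwt.ms", state="12345", nonce="678910"):
    """Implicit-flow authorize URL; urlencode percent-encodes every value."""
    query = urlencode({
        "client_id": client_id,
        "response_type": response_type,  # "token" -> access token, "id_token" -> ID token
        "redirect_uri": redirect_uri,
        "scope": scope,
        "response_mode": "fragment",
        "state": state,
        "nonce": nonce,
    })
    return f"{AUTHORITY}/{tenant}/oauth2/v2.0/authorize?{query}"

def jwt_claims(token):
    """Decode the payload segment for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def scopes_in_redirect(redirect_url):
    """Return the scp values of whichever token the redirect fragment carries."""
    fragment = parse_qs(urlsplit(redirect_url).fragment)
    token = (fragment.get("access_token") or fragment.get("id_token") or [None])[0]
    if token is None:
        raise ValueError("fragment carries no access_token or id_token")
    return jwt_claims(token).get("scp", "").split()

def fake_jwt(claims):
    """Constructed, unsigned sample token so the example runs offline."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "sig"])

# Constructed redirects: what lands on jwt.ms for each response_type.
API = "api://3f4c1d35-3161-4c45-b5ec-ff7be4e89473"
ACCESS_REDIRECT = ("https://jwt.ms/#access_token="
                   + fake_jwt({"aud": API, "scp": "access_as_user"})
                   + "&token_type=Bearer&state=12345")
ID_REDIRECT = ("https://jwt.ms/#id_token="
               + fake_jwt({"aud": "00001111-aaaa-2222-bbbb-3333cccc4444", "nonce": "678910"})
               + "&state=12345")
```

An API that receives the access token must still validate its signature, issuer and audience before trusting `scp`; decoding the payload as above is only for inspection.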
