BFF tutorial with Azure Entra ID External #229

Answered by ch4mpy
hajekt2 asked this question in Q&A
Microsoft Entra ID looks like an OIDC Provider, but doesn't satisfy the OIDC discovery and OpenID tokens specifications for V1 tokens (which is the default for Entra apps).

To switch to V2 tokens, edit the manifest to set api.requestedAccessTokenVersion: 2.

This can be done under Applications -> App registrations -> {appName} -> Manifest -> Microsoft Graph App Manifest (New)

Another option is to disable OIDC discovery and issuer validation during token validation (leave issuer-uri and iss empty in properties). But this is pretty dirty and I'd rather advise using something other than a Microsoft authorization server, or hiding it behind an actual OIDC Provider if you can't do without.

Samp…

Answer selected by ch4mpy
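
An added diagnostic example (not part of the answer above and not code from the project): it decodes an access token's payload and compares its `iss` claim with the `issuer` advertised by the discovery document, which is the comparison that fails for V1 tokens. The tenant id, both issuer strings and both tokens are constructed samples that assume the usual Entra issuer formats; substitute the values from your own tenant's discovery document and from a real token.

```python
import base64
import json


def _b64url(data: dict) -> str:
    raw = json.dumps(data, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed sample token; the signature part is a dummy value."""
    return ".".join([_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(claims), "sig"])


def read_claims(jwt: str) -> dict:
    """Decode the payload for diagnosis only. This does NOT verify the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_issuer(jwt: str, discovery: dict) -> dict:
    """Report the token version and whether iss equals the discovery issuer exactly."""
    claims = read_claims(jwt)
    expected = discovery.get("issuer")
    return {
        "ver": claims.get("ver"),
        "iss": claims.get("iss"),
        "expected_iss": expected,
        "issuer_matches": claims.get("iss") == expected,
    }


# Constructed sample data: placeholder tenant id, assumed issuer formats.
TENANT = "00000000-0000-0000-0000-000000000000"
DISCOVERY = {"issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0"}
V1_TOKEN = make_unsigned_jwt({"iss": f"https://sts.windows.net/{TENANT}/", "ver": "1.0"})
V2_TOKEN = make_unsigned_jwt({"iss": DISCOVERY["issuer"], "ver": "2.0"})

if __name__ == "__main__":
    for name, token in (("v1", V1_TOKEN), ("v2", V2_TOKEN)):
        print(name, check_issuer(token, DISCOVERY))
```

A resource server that enforces issuer validation rejects the first sample token and accepts the second, so the manifest change can be confirmed by running the same check on a freshly issued token.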