-
Notifications
You must be signed in to change notification settings - Fork 346
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Request] WAM support for no scopes #3675
Comments
@gladjohn @bgavrilMS Will C++ layer be updated to accept empty (or msal only) scopes? Couldn't find a related issue in DevOps. cc: @azchohfi |
here is the internal bug tracking this, but I do not think Interop/MSALRuntime (C++) will accept empty/null scopes. For the broker we did check to see if scopes are being passed. (by fixing authenticationRequestParameters.HasScopes logic) This is what I see with the dev app for the new broker :
|
If you just want to login the user, please ask for "User.Read" Graph scope @azchohfi Note that MSAL library isn't really meant for authentication, but for calling downstream APIs. As such, we don't offer a good developer experience for just logging in the user. In pure OIDC terms, you can rely strictly on id token for authentication, but MSAL's API are all targeted at access tokens. Concepts like expiration and silent refresh only look at access tokens. ASP.NET Core handles the authentication part on its own, it does id token management etc. However, public client apps developers have to do this manually. Most applications, including big 1p apps, rely on access token / refresh token semantics, i.e. as long as Hope this helps. |
@azchohfi can you please start an email thread with our team for the requirement you have on no scopes, so we can better understand the situation |
Let's revisit this when MSAL C++ supports the scenario - https://github.com/AzureAD/microsoft-authentication-library-for-cpp/pull/3299 |
Logs and network traces
none
Which version of MSAL.NET are you using?
latest
Platform
any
Repro
Expected behavior
Friendly exception
Actual behavior
Flow proceeds and results in unfriednly exceptions
Fix: authenticationRequestParameters.HasScopes returns true if empty string is passed as scopes
The text was updated successfully, but these errors were encountered: