-
Notifications
You must be signed in to change notification settings - Fork 219
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug] Change RequiredScope to be based on policies #1002
Labels
Comments
Thanks for the heads-up @plamber |
@plamber we are removing the deprecated flag from the method will take a look at the links you provided. |
jennyf19
changed the title
[Bug] RequiredScope does not work with Azure Functions
[Bug] Change RequiredScope to be based on policies
Sep 29, 2021
Included in 1.18.0 release |
8 tasks
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Which version of Microsoft Identity Web are you using?
1.6.0
Where is the issue?
Repro
In your sample Function app application you are using the "RequiredScope" attribute to limit the access to the Function app. This does not work in this context codesnippet
To my understanding this is due to the different way Azure Functions follow the authorization life-cycle.
You can limit the access by using the deprecated "VerifyUserHasAnyAcceptedScope(ScopesRequired);"
Here an example on how to limit the required scope.
Expected behavior
Actual behavior
RequiredScope is ignored. The only way is to use VerifyUserHasAnyAcceptedScope
Possible solution
Most likely you have to create a dedicated class for the Azure Functions. You can find an example how to implement this here. The challenge is that this feature is in preview a while.
Alternatively, provide a dedicated VerifyUserHasAnyAcceptedScope function intended for Azure Functions.
The text was updated successfully, but these errors were encountered: