1 Answer
0
There are a few things that need to be configured to get a custom scope working with Azure AD authentication on an Application Load Balancer (ALB):
- The custom scope needs to be defined and exposed in the Azure AD app registration. Under Expose an API, define the custom scopes you want to use.
- The ALB OAuth scope configuration should include both "openid" and your custom scope. For example:
  --scopes openid api://xxxxxx/user.read
- The Azure AD token endpoint authorization request must include the custom scope along with "openid". For example:
  /authorize?scope=openid api://xxxxxx/user.read
- The backend application must validate the access token and check for the custom scope being present.
So in summary:
- Define custom scope in Azure AD app registration
- Include custom scope in ALB oauth configuration
- Request custom scope when getting access token
- Validate custom scope in backend
This should allow the end to end authorization flow using a custom scope with Azure AD and ALB. Let me know if you have any other questions!
answered 4 months ago
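The backend scope check from the last step of the answer above, as an added example that is not part of the original answer or of any AWS or Microsoft code. It assumes the access token the ALB forwards in the `x-amzn-oidc-accesstoken` header has already had its signature and issuer verified by a JWT library, and that Azure AD lists delegated scopes in the space-separated `scp` claim by short name (`user.read`) with the API identified by `aud`; the function names and sample claims are constructed for illustration.

```python
import time

class ScopeError(Exception):
    """Verified token claims do not authorize this request."""

def granted_scopes(claims):
    """Split the space-separated 'scp' claim into exact scope names."""
    scp = claims.get("scp", "")
    if not isinstance(scp, str):
        raise ScopeError("scp claim is not a string")
    return set(scp.split())

def require_scope(claims, required, audiences, now=None, leeway=60):
    """Authorize claims that were ALREADY signature-verified (assumption)."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise ScopeError("exp claim missing or malformed")
    if now > exp + leeway:
        raise ScopeError("token expired")
    # The token must have been issued for this API, not for another resource.
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in audiences:
        raise ScopeError("token was issued for a different API")
    # Exact match on whole names: a substring test would let
    # 'user.readwrite' satisfy a check for 'user.read'.
    if required not in granted_scopes(claims):
        raise ScopeError("scope %r not granted" % required)
    return True

def is_authorized(claims, required, audiences, now=None):
    """Boolean wrapper for request handlers: deny on any failed check."""
    try:
        return require_scope(claims, required, audiences, now)
    except ScopeError:
        return False

# Constructed sample claims (placeholders follow the page's api://xxxxxx).
NOW = 1_700_000_000
API_AUDIENCES = {"api://xxxxxx"}
GOOD = {"aud": "api://xxxxxx", "exp": NOW + 300, "scp": "user.read"}
WRONG_SCOPE = {"aud": "api://xxxxxx", "exp": NOW + 300, "scp": "user.readwrite"}
WRONG_AUD = {"aud": "api://some-other-api", "exp": NOW + 300, "scp": "user.read"}
EXPIRED = {"aud": "api://xxxxxx", "exp": NOW - 3600, "scp": "user.read"}
NO_SCOPE = {"aud": "api://xxxxxx", "exp": NOW + 300}
```

Depending on the token version configured for the app registration, `aud` may be the application ID URI or the application's client ID, so `audiences` should contain whichever values your registration issues.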
When I use openid and api://xxxxxx/user.read together, I get a 561 error.