1 Answer
There are a few things that need to be configured to get a custom scope working with Azure AD authentication on an Application Load Balancer (ALB):
- The custom scope needs to be defined and exposed in the Azure AD app registration. Under Expose an API, define the custom scopes you want to use.
- The ALB OAuth scope configuration should include both "openid" and your custom scope. For example:
  --scopes openid api://xxxxxx/user.read
- The Azure AD token endpoint authorization request must include the custom scope along with "openid". For example:
  /authorize?scope=openid api://xxxxxx/user.read
- The backend application must validate the access token and check for the custom scope being present.
So in summary:
- Define custom scope in Azure AD app registration
- Include custom scope in ALB OAuth configuration
- Request custom scope when getting access token
- Validate custom scope in backend
This should allow the end-to-end authorization flow using a custom scope with Azure AD and ALB. Let me know if you have any other questions!
answered 4 months ago
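The backend check from the last step of the answer, as an added example that is not part of the original answer or of any AWS or Microsoft code. It assumes the token's signature has already been verified against the tenant's signing keys, that delegated scopes arrive in the `scp` claim under their short name, and that the caller supplies the accepted `aud` values; the function names and sample claims are illustrative.

```python
import time

# Scope string as written in the answer; "xxxxxx" is the page's placeholder.
REQUIRED_SCOPE = "api://xxxxxx/user.read"

def split_scope(full_scope):
    """Split 'api://<app-id>/<name>' into (app ID URI, short scope name)."""
    resource, sep, name = full_scope.rpartition("/")
    if not sep or not name or not resource.startswith("api://") or resource == "api://":
        raise ValueError("not an api://<app-id>/<name> scope: %r" % full_scope)
    return resource, name

def token_grants_scope(claims, full_scope, accepted_audiences, now=None):
    """Return (allowed, reason) for the claims of an already verified token."""
    _, scope_name = split_scope(full_scope)
    now = time.time() if now is None else now
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in accepted_audiences:
        return False, "audience mismatch"
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired or missing exp"
    scp = claims.get("scp")
    if not isinstance(scp, str):
        # e.g. an app-only token, which carries no delegated scopes
        return False, "no scp claim"
    # Compare whole space-separated entries. A substring test would accept
    # "user.read.all" when only "user.read" is required.
    if scope_name not in scp.split():
        return False, "scope not granted"
    return True, "ok"

# Constructed sample claims, not taken from a real token.
ACCEPTED_AUD = {"api://xxxxxx"}
SAMPLES = {
    "granted": {"aud": "api://xxxxxx", "exp": 2000, "scp": "user.read"},
    "lookalike": {"aud": "api://xxxxxx", "exp": 2000, "scp": "user.read.all"},
    "other_api": {"aud": "api://yyyyyy", "exp": 2000, "scp": "user.read"},
    "no_scp": {"aud": "api://xxxxxx", "exp": 2000},
}

if __name__ == "__main__":
    for name, claims in SAMPLES.items():
        print(name, token_grants_scope(claims, REQUIRED_SCOPE, ACCEPTED_AUD, now=1000))
```

Behind an ALB, the claims would come from the access token the load balancer forwards in the `x-amzn-oidc-accesstoken` request header.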
When I use openid and api://xxxxxx/user.read together, I get a 561 error.