1 Answer
There are a few things that need to be configured to get a custom scope working with Azure AD authentication on an Application Load Balancer (ALB):
- The custom scope needs to be defined and exposed in the Azure AD app registration. Under Expose an API, define the custom scopes you want to use.
- The ALB OAuth scope configuration should include both "openid" and your custom scope. For example:
  --scopes openid api://xxxxxx/user.read
- The Azure AD token endpoint authorization request must include the custom scope along with "openid". For example:
  /authorize?scope=openid api://xxxxxx/user.read
- The backend application must validate the access token and check for the custom scope being present.
So in summary:
- Define custom scope in Azure AD app registration
- Include custom scope in ALB OAuth configuration
- Request custom scope when getting access token
- Validate custom scope in backend
This should allow the end-to-end authorization flow using a custom scope with Azure AD and ALB. Let me know if you have any other questions!
answered 4 months ago
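The backend check from the last step of the answer, as an added example that is not part of the original answer or of any AWS or Microsoft code. It assumes the access token (which ALB forwards in the `x-amzn-oidc-accesstoken` header) has already had its signature verified with a JWT library against the tenant's signing keys, that Azure AD puts the granted scope in the `scp` claim by its short name (`user.read`, not the full `api://...` URI), and that `aud` is either the App ID URI or the API's client ID; `split_scope`, `authorize` and the sample values are hypothetical names and constructed data.

```python
import time

# Constructed sample: claims from a token whose signature was ALREADY verified.
SAMPLE_CLAIMS = {"aud": "api://xxxxxx", "scp": "user.read", "nbf": 1000, "exp": 2000}

# Assumption: accept the App ID URI or the API's client ID (placeholder GUID).
ACCEPTED_AUDIENCES = ("api://xxxxxx", "00000000-0000-0000-0000-000000000000")


def split_scope(full_scope):
    """Split 'api://<app-id>/user.read' into (resource, scope_name)."""
    resource, sep, name = full_scope.rpartition("/")
    if not sep or not resource or not name:
        raise ValueError(f"not a resource-qualified scope: {full_scope!r}")
    return resource, name


def authorize(claims, required_scope, accepted_audiences, now=None, leeway=60):
    """Return (allowed, reason) for claims taken from a verified access token."""
    now = time.time() if now is None else now
    _, scope_name = split_scope(required_scope)

    # Lifetime: exp is mandatory, nbf is honoured when present.
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        return False, "expired or missing exp"
    if isinstance(nbf, (int, float)) and now + leeway < nbf:
        return False, "not yet valid"

    # Audience: the token must have been issued for this API, not another one.
    aud = claims.get("aud")
    if not isinstance(aud, str) or aud not in accepted_audiences:
        return False, "wrong audience"

    # Scope: 'scp' is a space-separated string; match whole entries only,
    # so 'user.readwrite' does not satisfy a requirement for 'user.read'.
    scp = claims.get("scp")
    granted = scp.split() if isinstance(scp, str) else []
    if scope_name not in granted:
        return False, "missing scope"
    return True, "ok"


if __name__ == "__main__":
    print(authorize(SAMPLE_CLAIMS, "api://xxxxxx/user.read", ACCEPTED_AUDIENCES, now=1500))
```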
When I use openid and api://xxxxxx/user.read together, I get a 561 error.