1 Answer
0
There are a few things that need to be configured to get a custom scope working with Azure AD authentication on an Application Load Balancer (ALB):
- The custom scope needs to be defined and exposed in the Azure AD app registration. Under Expose an API, define the custom scopes you want to use.
- The ALB OAuth scope configuration should include both "openid" and your custom scope. For example:
    --scopes openid api://xxxxxx/user.read
- The Azure AD token endpoint authorization request must include the custom scope along with "openid". For example:
    /authorize?scope=openid api://xxxxxx/user.read
- The backend application must validate the access token and check for the custom scope being present.
So in summary:
- Define custom scope in Azure AD app registration
- Include custom scope in ALB oauth configuration
- Request custom scope when getting access token
- Validate custom scope in backend
This should allow the end to end authorization flow using a custom scope with Azure AD and ALB. Let me know if you have any other questions!
Answered 4 months ago
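The backend check named in the last step of the answer above, as an added example that is not part of the original answer or of any AWS or Microsoft code. It assumes the backend reads the token the ALB forwards in the `x-amzn-oidc-accesstoken` header and that Azure AD lists delegated scopes in the `scp` claim; the key pair, `kid`, issuer URL and audience below are constructed sample values, and a real backend would load the tenant's published signing keys instead.

```javascript
const crypto = require("node:crypto");

const b64urlJson = (s) => JSON.parse(Buffer.from(s, "base64url").toString("utf8"));

// Returns the claims when the token is valid and carries requiredScope; throws otherwise.
// keys maps kid -> public KeyObject (hypothetical shape chosen for this example).
function validateAccessToken(token, keys, { audience, issuer, requiredScope }, now = Date.now() / 1000) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = b64urlJson(h);
  // Pin the algorithm so the token cannot select "none" or a symmetric algorithm.
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const key = keys[header.kid];
  if (!key) throw new Error("unknown signing key");
  const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`), key, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  const claims = b64urlJson(p);
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (claims.aud !== audience) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  // scp is a space-separated string of short scope names; match whole names only.
  const scopes = typeof claims.scp === "string" ? claims.scp.split(" ") : [];
  if (!scopes.includes(requiredScope)) throw new Error("missing scope");
  return claims;
}

// --- Constructed sample data: local key pair and tokens, not real Azure AD values ---
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64url");
function signSample(claims, header = { alg: "RS256", kid: "test-kid" }) {
  const input = `${enc(header)}.${enc(claims)}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), privateKey).toString("base64url")}`;
}
const KEYS = { "test-kid": publicKey };
const EXPECT = { audience: "api://xxxxxx", issuer: "https://issuer.example/", requiredScope: "user.read" };
const base = { iss: EXPECT.issuer, aud: EXPECT.audience, exp: Math.floor(Date.now() / 1000) + 300 };

// Returns "ok" or the rejection reason for a sample token built from the given claims.
function check(claims, header) {
  try { validateAccessToken(signSample(claims, header), KEYS, EXPECT); return "ok"; }
  catch (e) { return e.message; }
}
console.log(check({ ...base, scp: "user.read" }));
console.log(check({ ...base, scp: "openid" }));
```

A token that was issued only for `openid` is rejected here even though its signature is valid, which is the behaviour the backend needs when the custom scope is the authorization gate.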
When I use openid and api://xxxxxx/user.read together, I get a 561 error.