1 Answer
0
There are a few things that need to be configured to get a custom scope working with Azure AD authentication on an Application Load Balancer (ALB):
- The custom scope needs to be defined and exposed in the Azure AD app registration. Under Expose an API, define the custom scopes you want to use.
- The ALB OAuth scope configuration should include both "openid" and your custom scope. For example:
  --scopes openid api://xxxxxx/user.read
- The Azure AD token endpoint authorization request must include the custom scope along with "openid". For example:
  /authorize?scope=openid api://xxxxxx/user.read
- The backend application must validate the access token and check for the custom scope being present.
So in summary:
- Define custom scope in Azure AD app registration
- Include custom scope in ALB OAuth configuration
- Request custom scope when getting access token
- Validate custom scope in backend
This should allow the end-to-end authorization flow using a custom scope with Azure AD and ALB. Let me know if you have any other questions!
Answered 4 months ago
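For the last step of the answer above, one way a backend could check the custom scope, as an added example that is not part of the original answer and not AWS or Microsoft code. It assumes the ALB forwards the access token in the x-amzn-oidc-accesstoken header, that Azure AD lists delegated scopes in the space-separated scp claim, and that aud equals the API's App ID URI; signature_ok and make_constructed_token are hypothetical names.

```python
import base64
import json
import time

# Assumptions (not from the original answer): header name, the "scp" claim
# format, and "aud" being the App ID URI. api://xxxxxx is the page's placeholder.
ACCESS_TOKEN_HEADER = "x-amzn-oidc-accesstoken"
EXPECTED_AUDIENCE = "api://xxxxxx"
REQUIRED_SCOPE = "user.read"


def _b64url_json(segment):
    """Decode one base64url JWT segment into a Python object."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def has_required_scope(headers, signature_ok, now=None):
    """Return True only if the forwarded token is signed, unexpired, issued
    for this API, and carries REQUIRED_SCOPE.

    signature_ok(token) is a hypothetical callable supplied by the caller; it
    must verify the JWT signature against the tenant's published signing keys.
    """
    token = headers.get(ACCESS_TOKEN_HEADER, "")
    if token.count(".") != 2 or not signature_ok(token):
        return False  # never read claims from an unverified token
    try:
        claims = _b64url_json(token.split(".")[1])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    if not isinstance(claims, dict):
        return False
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False
    if claims.get("aud") != EXPECTED_AUDIENCE:
        return False
    scp = claims.get("scp")
    granted = scp.split() if isinstance(scp, str) else []
    # Compare whole scope names, so "user.readwrite" does not satisfy "user.read".
    return REQUIRED_SCOPE in granted


def make_constructed_token(claims):
    """Build a sample token with a dummy signature (constructed test data)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"
```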
When I use openid and api://xxxxxx/user.read together, I get a 561 error.