Jonas Krüger Svensson

Results 326 comments of Jonas Krüger Svensson

> when I decode the access token issuer id is https://sts.windows.net//

Sounds like you haven't changed the token version to v2 in the manifest. Do that and give it 24...

> The configured groups claim groups was not found in the access token

This can be configured.

It's regex, so you could add a `*` or similar at the end. E.g. `apis/*`

Please provide an example GitHub repo we can look at, or enough context for us to reproduce.

You can decode an access token at https://jwt.io and see what is sent with the token. I suspect either there is no email sent, or the mapping is wrong.

How long the token is valid for and how you decide to configure your sessions are, in my opinion, two different things in an MVC app. In RESTful (DRF) APIs,...

I don't see why this has to be implemented? Set session time out to the same time as expiration of the token and everything is solved?

So, there are these benefits:

- tokens are renewed, and groups therefore renewed, without the user having to log out and in again
- the user won't be redirected to ADFS...

I'm a bit confused, why doesn't [this setting](https://django-auth-adfs.readthedocs.io/en/latest/settings_ref.html#username-claim) work?

Azure AD uses OIDC whether you want it or not. It even adds more on top of OAuth2 and OIDC in multi-tenant apps. Access tokens should be used to authenticate...