
Unable to obtain token with different AUD

Open Curthbert opened this issue 5 years ago • 1 comments

Hi, I am relatively new to PHP. I am trying to authorize my website to get access to a REST API which will provide an employee ID based on the value "name" from the token. When accessing the API, my token is not accepted because the aud and scp values are incorrect. I was told that my token needs to contain these aud and scope values:

"aud": "https://ABCDEFG.com/ABCDEFG-ABCDEFG-ABCD-ABCD-ABCDEFG"
"scp": "user_impersonation"

while my token contains:

"aud": "https://graph.microsoft.com/"
"scp": "Directory.AccessAsUser.All Directory.Read.All openid User.Read User.ReadBasic.All"

(original AUD content replaced with letters)

I've spent a couple of days trying to google a solution without success. How can I change the target audience in the token?

Usage of the scope doesn't affect the token's code at all either. $provider->scope = 'user_impersonation';

Thank you

Curthbert, Jun 04 '20 11:06

It looks like you are obtaining a token for an incorrect resource, e.g. Microsoft Graph. Your API should be a separate resource. Please check out https://github.com/TheNetworg/oauth2-azure#protecting-your-api---experimental for sample code.

hajekj, Jun 04 '20 17:06
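
To confirm which resource a token was actually issued for, decode its payload and compare aud and scp with what the API expects. The PHP below is an added example, not part of this thread or of the oauth2-azure library; the function names are hypothetical and the sample token is constructed from the claim values quoted in the question.

```php
<?php
// Decode the payload (second segment) of a JWT. Diagnostic only: the
// signature is NOT verified here, so never use this to authorize a request.
function decode_jwt_claims(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Not a compact JWT (expected 3 segments)');
    }
    // base64url -> base64, restoring the padding that JWTs strip.
    $b64 = strtr($parts[1], '-_', '+/');
    $b64 .= str_repeat('=', (4 - strlen($b64) % 4) % 4);
    $json = base64_decode($b64, true);
    if ($json === false) {
        throw new InvalidArgumentException('Payload is not valid base64url');
    }
    $claims = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('Payload is not a JSON object');
    }
    return $claims;
}

// Return the reasons an API expecting $expectedAud and $requiredScope
// would reject these claims; an empty list means both match.
function audience_problems(array $claims, string $expectedAud, string $requiredScope): array
{
    $problems = [];
    $aud = (array) ($claims['aud'] ?? []);   // "aud" may be a string or a list
    if (!in_array($expectedAud, $aud, true)) {
        $problems[] = 'aud is ' . json_encode($aud, JSON_UNESCAPED_SLASHES) . ", expected $expectedAud";
    }
    // Azure AD puts delegated scopes in "scp" as one space-separated string.
    $scopes = preg_split('/\s+/', (string) ($claims['scp'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    if (!in_array($requiredScope, $scopes, true)) {
        $problems[] = "scp lacks $requiredScope";
    }
    return $problems;
}

// Constructed sample token carrying the claims from the question (dummy signature).
$b64url = fn(string $s): string => rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
$token = $b64url('{"typ":"JWT","alg":"RS256"}') . '.' . $b64url(json_encode([
    'aud' => 'https://graph.microsoft.com/',
    'scp' => 'Directory.AccessAsUser.All Directory.Read.All openid User.Read User.ReadBasic.All',
])) . '.sig';
echo implode(PHP_EOL, audience_problems(decode_jwt_claims($token),
    'https://ABCDEFG.com/ABCDEFG-ABCDEFG-ABCD-ABCD-ABCDEFG', 'user_impersonation')), PHP_EOL;
```

Both checks report a mismatch for the sample token, which is the symptom described in the question: the token was issued for Microsoft Graph rather than for the API.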