oidc-client-ts

OIDC code flow with pkce - access-token

Open JMR57172 opened this issue 1 year ago • 2 comments

Hi,

I'm new to this library and maybe I'm doing something wrong, but my access token doesn't contain all the requested scopes. When I looked it up on Google, the AI said

"When requesting OpenID Connect (OIDC) tokens, the requested scopes must be included in both the /authorize and /token requests. [...]."

In the exchangeCode function (where the /token endpoint is called), the scopes are not used. So my question is: is my understanding wrong, or does the exchangeCode function lack something?

Thank you all.

JMR57172, Nov 01 '24 22:11

See https://github.com/authts/oidc-client-ts/issues/1726#issuecomment-2451930363

pamapa, Nov 05 '24 12:11

Thank you for the answer. I don't think it's that (I tried it).

I will add some context. I'm using Entra ID, with a custom API as a resource. According to different sources, this is required to acquire a v2.0 access_token. But in the received access_token there are only the Graph scopes, not my custom API scope (and it is still a v1.0 access_token). When debugging, I see my scope being requested in the /authorize call but not in the /token call.

JMR57172, Nov 05 '24 13:11