Add support for opaque AAD access tokens #107845

Merged
merged 2 commits into from Oct 1, 2020

@olegoid olegoid commented Sep 30, 2020

Consider the following set of scopes:
'profile', 'openid', 'offline_access', '9bd5ab7f-4031-4045-ace9-6bebbad202f6/all'

where the returned JSON looks somewhat like this:
https://gist.github.com/olegoid/7fec1889e98844686f84ae903a2e8d50

`access_token` claim parsing fails with an `Unable to read token claims` error. For some resource scopes, AAD can issue so-called "opaque" tokens that are not supposed to be parsed. In that situation, we can rely on `id_token`s to fetch supplemental information such as user name, etc.

Here's the document that describes that scenario:
https://docs.microsoft.com/en-us/azure/active-directory/develop/access-tokens

You can also try to manually validate the access_token from my JSON and it will turn out as gibberish. Although, the id_token is a totally valid JWT.
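
The fallback described in this pull request, sketched as an added example in plain JavaScript (it is not the code merged in this PR): the client tries to read claims from the `access_token` and, when that token is opaque, reads them from the `id_token` instead. The helper names `tryReadClaims` and `readDisplayClaims` are hypothetical and the token response is constructed.

```javascript
// Added example: helper names are hypothetical, sample tokens are constructed.

// Encode an object as one base64url JWT segment (used only to build the sample).
const seg = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');

// Decode one base64url segment as JSON; throws if the bytes are not JSON.
const decodeSeg = (s) =>
  JSON.parse(Buffer.from(s.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf8'));

// Return the claims of a compact JWT, or undefined when the token is opaque
// (not three dot-separated segments, or header/payload are not JSON objects).
function tryReadClaims(token) {
  if (typeof token !== 'string') return undefined;
  const parts = token.split('.');
  if (parts.length !== 3) return undefined;
  try {
    const header = decodeSeg(parts[0]);
    const payload = decodeSeg(parts[1]);
    const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);
    if (!isObj(header) || typeof header.alg !== 'string' || !isObj(payload)) return undefined;
    return payload;
  } catch {
    return undefined;
  }
}

// Prefer access_token claims; fall back to the id_token when it is opaque.
// The claims are NOT signature-verified here: use them for display only
// (account label), never for an authorization decision.
function readDisplayClaims(tokenResponse) {
  for (const source of ['access_token', 'id_token']) {
    const claims = tryReadClaims(tokenResponse[source]);
    if (claims) return { source, claims };
  }
  throw new Error('Unable to read token claims');
}

// Constructed token response: opaque access_token, well-formed id_token.
const sampleResponse = {
  access_token: 'constructed-opaque-access-token',
  id_token: [seg({ alg: 'RS256', typ: 'JWT' }),
    seg({ name: 'Sample User', preferred_username: 'user@example.com' }),
    'constructed-signature'].join('.'),
};

console.log(readDisplayClaims(sampleResponse));
```

The access token itself is still sent to the resource unchanged; only the source of the display claims differs.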

@kieferrm kieferrm requested a review from chrmarti October 1, 2020 00:30
kieferrm commented Oct 1, 2020

LGTM

@chrmarti pls review and merge if good.

@kieferrm kieferrm self-requested a review October 1, 2020 00:31
@olegoid olegoid requested a review from chrmarti October 1, 2020 17:41
@chrmarti chrmarti left a comment

Thanks!

@chrmarti chrmarti merged commit f19ccd1 into microsoft:master Oct 1, 2020
@github-actions github-actions bot locked and limited conversation to collaborators Dec 4, 2020