generating common access token for MS graph api and custom api
I have an Angular app and Python REST API server. I have created 2 Azure AD apps for authentication - one SPA Azure Ad app and another Webapi Azure AD app. I have exposed an API from Azure AD app api:///Files.Read. I am using msal v3.
The authentication works fine now I have to implement authorisation. Therefore, I have defined the roles in Webapi Azure AD app and in this app itself I am managing the assignment of the roles to the users. I want the role information in the Angular app to show role based views/screens/interfaces. For getting information of roles, I am relying on Microsoft graph API as I do not want to store and access the access token from local storage and session storage.
How can I generate an access token which can commonly be used for accessing roles from Graph API and my Python API server? Is it even possible to have a common access token? If yes, How should the configuration be done in the msal config such that the access token is generated for both the audiences - graph api and python api?
Note that: It is not possible to generate a single access token for different resource that is Microsoft Graph and the Web Api.
- One access token can have only one aud not two or more.
- The aud claim in an access token is specific to the API or resource the token is issued for.
- Hence to access Microsoft Graph and the Web Api, you need to generate two distinct/different access tokens.
Otherwise, as a workaround you can get the roles and scopes of the signed in user in one access token like below:
Created a Microsoft Entra ID application and exposed an API:
And created app role:
Assigned user to the role:
For sample generated access token by using below parameters:
GET https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id: ClientID
grant_type: authorization_code
scope: api://xxx/.default
redirect_uri: RedirectURL
code: code
client_secret: Secret
The access token will contain roles and scp claims:
- angular 19 - APP_INITIALIZER deprecation
- Accessing an Angular application from devices from same network
- Angular - Issue with routerLink and state
- HTTP GET throws TypeError: Cannot read properties of undefined (reading 'length')
- how to change angular stepper progress color when next step active
- How to set providers in Angular v19 SSR?
- @Output in child component is undefined when trying to emit Angular v17
- Why does instanceof Observable return false in my tests?
- Scrolling disappeared in angular ionic
- Unable to make text bold in SVG
- Consuming multiple properties via @Input() decorator in Angular 2
- How to add a number by pressing the button
- NgIf and zero: Why is the template not being rendered?
- Angular computed signal in component does not update when service signal changes
- How to set CKEditor 5 height
- The callback was already called for LoaderRunner due to bootstrap version ^3.4.1
- HttpContextToken always false while using HttpInterceptorFn
- Why does the navbar not take the theme I am trying to assign
- 'imports' is only valid on a component that is standalone
- NX Unable to complete project graph creation. Worker stopped with exit code: 1
- Angular update 8 to 14 makes [hidden] not working anymore
- Angular 17 - In @if syntax, how to store returned value from a function in a variable and use it in the same @if block
- Angular 18 MatDialog panelClass styles not applying after upgrade from Angular 14
- Angular: ng-content doesn't render with *ngIf then else
- How to change Background Color of mat-chip of Angular Material 18
- How to exclude a library from Angular's cache?
- find function isn't working properly in angular and firebase
- How to get rid of "Imports array contains unused imports(-998113)"
- How can I show elements from an array
- How can I conditionally disable the routerLink attribute?