question

CharlieChen-9696 asked

Unable to get access token from app registration from web app with JS

Hi there,

I have a Power Automate HTTP endpoint secured by API Management service, which implements a JWT validate policy against one of my app registrations.

What I can do is:

  1. Run Azure CLI "az login" and "az account get-access-token --resource api://67568467-a9c0-4249-8854-**3",

  2. Send a request to API Management service with the above token and get the response from Power Automate from Postman

What I need to do is:

  1. The user logs in to a web app secured by the app registration with their company account,

  2. The web app acquires an access token from the same app registration for the logged-in user silently and uses it in the request to API Management.

However, I can't do it with MSAL.js.

I don't find any documentation to help me achieve the programming route.




azure-api-management azure-ad-app-registration

CharlieChen-9696 answered

@PramodValavala-MSFT Thanks for replying. To be honest, it's quite confusing reading the docs for MSAL. I tried using the code below, but no luck, with the error message: Uncaught (in promise) ClientAuthError: User login is required.

function getStsToken() {

 let config = {
     auth: {
         clientId: "67568467-a9c0-4249-8854-2***********3",
         authority: "https://login.microsoftonline.com/4************-a9d7-433d-ab8f-cbc6d3a41ee4/"
     },
     cache: {
         cacheLocation: "sessionStorage"
     }
 };

 let graphConfig = {
     graphEndPoint: "https://graph.microsoft.com/v1.0/me"
 };

 let requestPermissionScope = {
     scopes: ["api://67568467-a9c0-4249-8854-2**************3/***********_APIM"]
 };

 const myMSALObj = new Msal.UserAgentApplication(config);

 myMSALObj.acquireTokenSilent(requestPermissionScope).then(function(result) {
     if (result != undefined) {
         var headers = new Headers();
         var bearer = "Bearer " + result.accessToken;
         headers.append("Authorization", bearer);
         var options = {
             method: "GET",
             headers: headers
         };

         fetch(graphConfig.graphEndPoint, options)
             .then(function(response) {
                 //do something with response  

                 if (response.status == 200) {
                     var data = response.json();
                     data.then(function(userinfo) {
                         var printResponse = JSON.stringify(userinfo)
                             //Print the JSON string                        
                         console.log(printResponse)
                     })
                 }
             });
     }
 }).catch(
     e => { console.log(e) }
 );

}


@CharlieChen-9696 As the error suggests, you will have to get the user to log in first and then you can get the token as required. The docs for msal.js cover the steps required.



Thanks for the tips. The "login" and authentication are accomplished by the app services feature when the user accesses the web app from the browser. When the web app tries to get an access token after the app service "login", this is where I get stuck.



@CharlieChen-9696 You are using separate ways of authentication together. So, I believe you can use the ssoSilent API to fetch the token leveraging the existing session.



PramodValavala-MSFT answered

You will have to use the acquireTokenSilent with the appropriate scopes (for example api://67568467-a9c0-4249-8854-**3/read) to fetch the token for the API.


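The flow the comments and the answer above point to (ssoSilent to pick up the existing Azure AD session, then acquireTokenSilent with the API scope), as an added example that is not part of the original thread. It assumes MSAL.js 1.x; `getApiToken`, `callApim`, `API_SCOPE`, `APIM_URL` and the `loginHint` argument are hypothetical names and placeholders.

```javascript
// Added example. `msalApp` is an Msal.UserAgentApplication (MSAL.js 1.x) created once
// at page load. API_SCOPE and APIM_URL are placeholders, and loginHint is the signed-in
// user's UPN, which the page is assumed to know already.
const API_SCOPE = "api://<app-id>/<scope-name>";
const APIM_URL = "https://<apim-name>.azure-api.net/<path>";

async function getApiToken(msalApp, loginHint) {
  const request = { scopes: [API_SCOPE] };

  // MSAL keeps its own account cache. A sign-in done by App Service authentication
  // does not populate it, which is why acquireTokenSilent alone reports
  // "User login is required".
  if (!msalApp.getAccount()) {
    try {
      // Reuse the browser's existing Azure AD session without prompting.
      await msalApp.ssoSilent({ ...request, loginHint });
    } catch (e) {
      // No reusable session (or the hint did not match): fall back to interactive login.
      await msalApp.loginPopup(request);
    }
  }

  try {
    return (await msalApp.acquireTokenSilent(request)).accessToken;
  } catch (e) {
    // Consent or re-authentication needed: only then show UI.
    if (e.name !== "InteractionRequiredAuthError") throw e;
    return (await msalApp.acquireTokenPopup(request)).accessToken;
  }
}

async function callApim(msalApp, loginHint, fetchImpl = fetch) {
  const token = await getApiToken(msalApp, loginHint);
  // The token's audience is the API app registration, so it goes only to the
  // API Management endpoint whose JWT policy validates that audience.
  return fetchImpl(APIM_URL, {
    method: "GET",
    headers: { Authorization: "Bearer " + token }
  });
}
```

A token requested for the `api://...` scope is not valid for `https://graph.microsoft.com`; Graph calls need a separate request with Graph scopes.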