OIDC code flow with pkce - access-token #1730
Labels
question
Further information is requested
Comments
|
See #1726 (comment) |
|
Thank you for the answer. I don't think it's that (I tried it). I will add some context. I'm using Entra id, with a custom API as a ressource. From different sources, this is required to acquired a v2.0 access_token. But in the received access_token, there is only the graph scopes, not my custom API scope (and still a v1.0 access_token). When I'm debugging, I see my scope being requested in the /authorize call but not in the /token call |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
I'm new with this library and maybe I do something wrong, but my access token doesn't contain all the requested scopes. When I looked it up in google the AI said
"When requesting OpenID Connect (OIDC) tokens, the requested scopes must be included in both the /authorize and /token requests. [...]."
In the exchangeCode function (where the /token endpoint is called), the scopes are not used. So my question, is my comprehension wrong or the exchangeCode function lack something?
Thanks you all.
The text was updated successfully, but these errors were encountered: