I am creating a new Single-SPA portal for our internal customers.
I have created the Single-SPA and tied in several micro-apps. The user MSAL authentication is done via a login microapp that sets the session information that is read by the other micro-apps to know the user is logged in. That app is using SP A's client ID.
Then the user navigates to another micro-app, which works fine. The other app uses the same client ID to find the user's auth and allow the user to proceed. BUT the second app has its own capabilities and makes use of some Microsoft Graph delegated permissions (such as corp-wide email lookup done while filling out a form). It is here that things break.
Even though the accessToken is using the second app's audience, I'm getting a 401 Unauthorized error. The app whose client is used to authenticate is in the same tenant as the second app that is getting an accessToken but with its own scopes. The error occurs when using the token:

```json
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "date": "2023-11-29T21:38:21",
      "request-id": "d631dade-************",
      "client-request-id": "d631d*************"
    }
  }
}
```

What am I missing? Please someone help!!
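Added example, not part of the original post: a troubleshooting check for the "Invalid audience" response above. It decodes an access token's claims (browser or Node) and reports whether `aud` is a value Microsoft Graph accepts; the function names, the placeholder app ID and the sample tokens are constructed for illustration.

```javascript
// Added diagnostic, not code from the post. It decodes claims WITHOUT verifying
// the signature: use it for troubleshooting only, never for authorization.

// Audience values Microsoft Graph accepts: its resource URI and its app ID.
const GRAPH_AUDIENCES = new Set([
  "https://graph.microsoft.com",
  "00000003-0000-0000-c000-000000000000",
]);

function b64urlDecode(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/")
    .padEnd(Math.ceil(seg.length / 4) * 4, "=");
  const bin = typeof atob === "function"
    ? atob(b64) : Buffer.from(b64, "base64").toString("binary");
  // Re-interpret the decoded bytes as UTF-8.
  return decodeURIComponent(Array.from(bin, (c) =>
    "%" + c.charCodeAt(0).toString(16).padStart(2, "0")).join(""));
}

function checkGraphAudience(token) {
  let claims;
  try {
    const parts = String(token).split(".");
    if (parts.length !== 3) throw new Error("not a JWT: expected 3 segments");
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    return { ok: false, reason: e.message };
  }
  // `aud` may be a string or an array; tolerate case and a trailing slash.
  const auds = [].concat(claims.aud || []).map(String);
  const scopes = String(claims.scp || "").split(" ").filter(Boolean);
  const ok = auds.some((a) =>
    GRAPH_AUDIENCES.has(a.toLowerCase().replace(/\/+$/, "")));
  const reason = ok ? "audience is Microsoft Graph"
    : `aud "${auds.join(",")}" is not Microsoft Graph, so Graph rejects the token`;
  return { ok, aud: claims.aud, scopes, reason };
}

// Constructed, unsigned sample tokens; the GUID is a placeholder app ID.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "none", typ: "JWT" }), enc(claims), "sig"].join(".");
}
const tokenForOwnApp = makeSampleToken({
  aud: "api://11111111-2222-3333-4444-555555555555", scp: "access_as_user" });
const tokenForGraph = makeSampleToken({
  aud: "https://graph.microsoft.com", scp: "User.Read User.ReadBasic.All" });
console.log(checkGraphAudience(tokenForOwnApp).reason);
console.log(checkGraphAudience(tokenForGraph).reason);
```

`makeSampleToken` uses Node's `Buffer` and exists only to build the sample input; `checkGraphAudience` itself also runs in the browser, where the token to inspect is the `accessToken` field of the MSAL result obtained just before the Graph request.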