OAuth v2 Bearer token has OAuth v1 attributes

Time:09-30

I have a Java backend app that uses Azure Active Directory. I am using an OAuth2 bearer token to log in. On the backend side I am searching for and using the OAuth2 attribute "preferred_username" and it works. However, when I send a login request from Postman/Insomnia there is an OAuth v1 token with OAuth v1 attributes: instead of "preferred_username" there is "unique_name", and the "ver" attribute is 1.0.

The token type seems to be OAuth2.

What causes this?

CodePudding user response:

Please check the URLs you are currently using to send the login request via Postman.

To get a v2.0 OAuth2 token, you need to use the v2.0 endpoints:

Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Overview -> Endpoints

In addition to that, make sure to modify the Manifest file by changing the accessTokenAcceptedVersion value to 2. By default, it will be null for single tenant applications.

I tried to reproduce the same in my environment and got the results below:

Initially I generated an access token with the v2.0 endpoints, leaving the Manifest file as default like below:

When I decoded the token, I found OAuth2 v1.0 attributes like below:

In order to get a v2.0 token, I changed the App's Manifest file like below:

I generated the access token via Postman with parameters like below:

POST https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token

When I decoded the above token, I got OAuth2 v2.0 attributes successfully like below:

CodePudding user response:

In addition to @Sridevi's answer, I realized that I need to add the optional claim preferred_username as below from Azure Active Directory > App registrations > My App > Token Configuration.

Related documentation is https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

Both fixed my issue.
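
A diagnostic sketch of the check discussed in this thread, added here as an example and not code from the question or either answer: it decodes a token's payload, reads the "ver" claim, and picks "preferred_username" (v2.0) or "unique_name" (v1.0). The helper names and sample tokens are constructed for illustration, and the payload is decoded without signature verification, so this is for inspecting tokens, not for authenticating them.

```python
import base64
import json


def make_sample_token(claims):
    """Build a constructed, unsigned JWT-shaped string (not a real Azure AD token)."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([seg({"typ": "JWT", "alg": "none"}), seg(claims), ""])


def decode_claims(token):
    """Decode the payload segment WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def resolve_username(claims):
    """Return (ver, username) using the claim name that matches the token version."""
    ver = claims.get("ver")
    claim_by_version = {"1.0": "unique_name", "2.0": "preferred_username"}
    if ver not in claim_by_version:
        raise ValueError(f"unexpected 'ver' claim: {ver!r}")
    name = claims.get(claim_by_version[ver])
    if not name:
        # Case from the second answer: the claim is absent until it is added
        # as an optional claim under Token Configuration.
        raise LookupError(f"v{ver} token has no '{claim_by_version[ver]}' claim")
    return ver, name


if __name__ == "__main__":
    samples = [  # constructed claim sets
        {"ver": "1.0", "unique_name": "alice@example.com"},
        {"ver": "2.0", "preferred_username": "alice@example.com"},
        {"ver": "2.0", "sub": "constructed-subject"},
    ]
    for sample in samples:
        try:
            print(resolve_username(decode_claims(make_sample_token(sample))))
        except LookupError as exc:
            print("missing claim:", exc)
```

Logging the resolved "ver" value on the backend makes it obvious when a client obtained a v1.0 token for an app that expects v2.0 claims.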
