How to configure msal-angular interceptor to send an access token (v2) to own domain (self)

Published

I updated to @azure/msal-angular v2 from v1. And I cannot figure out how to configure it to send an access token to my backend hosted on the same domain.

So when my frontend makes a request to /api/foo then the MsalInterceptor should attach my access token in the version 2 format – not version 1.

This makes it send a version 1 access token

const msalInterceptorConfig: MsalInterceptorConfiguration = {
  interactionType: InteractionType.Redirect,
  protectedResourceMap: new Map([
    ['/', ['openid']],
  ]),
};

I have managed to "trick" it by adding

const msalInterceptorConfig: MsalInterceptorConfiguration = {
  interactionType: InteractionType.Redirect,
  protectedResourceMap: new Map([
    ['/', [`api://${clientId}/access_as_user`]],
  ]),
};

But then AzureAD starts complaining

AADSTS90009: Application is requesting a token for itself. This scenario is supported only if resource is specified using the GUID based App Identifier

So that’s not an option.
How do I make MsalInterceptor send a version 2 access token to /?

Source: Angular Questions

Answers

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Still Have Questions?


Our dedicated development team is here for you!

We can help you find answers to your question for as low as 5$.

Contact Us
faq