cannot get AAD Federation metadata from endpoint you specified about active-directory-javascript-nodejs-webapi-v2 HOT 13 CLOSED

@DarkLite1 seems like the readme is misleading, apologies for the confusion. The identityMetadata should also include the .../v2.0/.well-known/openid-configuration. So to clarify,

1. On Azure Portal, go to your App Registration, and click on the Endpoints link in the Overview tab. There, check the string for OpenID Connect Metadata document. This is your identityMetadata.

2. Still on Azure Portal>App Registration, check the Manifest tab. Make sure your accessTokenAcceptedVersion property in app manifest is set to 2.

You should then be able to call your api without issues. Again, apologies for the mistake -I'll update the readme (but feel free to suggest a PR if you like)

from active-directory-javascript-nodejs-webapi-v2.

Thank you, this helped me out.

from active-directory-javascript-nodejs-webapi-v2.

@derisen Your comment on July 6, 2020 helped me out greatly. My problem was a typo in the tenant name in the config file, but it manifested itself with the error that @DarkLite1 reported. This put me on the right path.

from active-directory-javascript-nodejs-webapi-v2.

@Jamal8548 Unfortunately we don't have any examples using Apollo server at the moment, but we can consider adding this to the backlog

from active-directory-javascript-nodejs-webapi-v2.

thanks, I'll make sure to get that fixed

from active-directory-javascript-nodejs-webapi-v2.

In My App accessTokenAcceptedVersion is set to null so it default to 1 i guess.
now i tried using below configs.

const bearerStrategy = new BearerStrategy({
    identityMetadata: "https://login.microsoftonline.com/XXXXX/.well-known/openid-configuration",
    clientID: "XXXXX",
    validateIssuer: false,
    loggingLevel: 'info',
    passReqToCallback: false
}, (token, done) => {
    // Send user info using the second argument
    done(null, {}, token);
}
);

But I am receiving same error

from active-directory-javascript-nodejs-webapi-v2.

same problem here. @derisen, I cannot find Endpoints link in my Overview tab.

from active-directory-javascript-nodejs-webapi-v2.

@thelements please set the accessTokenAcceptedVersion to 2 in the Portal>Manifest. You should be good to go after.

@sinkaz take a look it the screenshot below:

from active-directory-javascript-nodejs-webapi-v2.

SOLUTION: (REACT and NODE-JS) B2C SOLUTION-> I was still not able to fetch api results because in the documentation for API (config.json) file it is written as below:
credentials -> tenantName: The first part of your Azure AD B2C tenant name. FOR EXAMPLE CONTOSO. which is wrong,
PLEASE ADD full domain contoso.onmicrosoft.com :)

from active-directory-javascript-nodejs-webapi-v2.

@Jamal8548 can you share here which document you're looking at?

from active-directory-javascript-nodejs-webapi-v2.

@derisen Here is the link.
https://docs.microsoft.com/en-us/azure/active-directory-b2c/configure-authentication-sample-react-spa-app

from active-directory-javascript-nodejs-webapi-v2.

@derisen i have one short question, solution which i was looking, i also send you link is for Reactjs and Nodejs(Express.js) but what if we don't use express.js in node and instead of express i am using Apollo Server( GraphQL ) but there is no documentation on this specific topic. Do you have any idea how can i apply this in Apollo server ( graphql ) i am not using express( rest Api ). I would appreciate if you would suggest me something.

from active-directory-javascript-nodejs-webapi-v2.

@derisen would you please give me your valuable feedback in this regard. I am student.

USE CASE: My project is based on React(Front end) -NodeJs(API). I want authentication and authorization (both) in my project. Currently, I tried it with Azure AD B2C but how can I get authorization in it. I mean some users are admin users and only they have access to some endpoints. I researched about it and found that it may get users from Azure AD (graphAPI) before generating a token or something like that... so please recommend the best solution for the upper use case. I want the best solution which is less in cost and effective. As i read that with Azure AD B2C first 50,000 users / month are free and i could not find how many users are free with Azure AD and in the end please recommend me that should i go with only Azure AD (it's expensive) Or i should go with Azure AD B2C(50,000users/per month free- less cost) but one drawback that authorization is not a feature of Azure AD B2C, so should i go with the above recommended solution that to get users from Azure AD for authorization and use Azure AD B2C? Your valuable feedback would be highly appreciated for the above chaos.

from active-directory-javascript-nodejs-webapi-v2.