Advanced "ms-identity-javascript-v2" sample

[mmigge]

Core Library

MSAL.js v2 (@azure/msal-browser)

Core Library Version

^2.28.0

Wrapper Library

Not Applicable

Wrapper Library Version

None

Public or Confidential Client?

Public

Description

Hello,

I am working with the tutorial abc and have been able to load and run it without any problems. In a next step I wanted to extend the existing functions and I have difficulties:

I have added a button to the interface which asks for a list of available Azure DevTestLabs. I use the following endpoint for this:
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.DevTestLab/labs?api-version=2018-09-15
The documentation for it is available at this URL: list-by-subscription

I have tried various approaches and unfortunately I am not getting anywhere, I would be very grateful for ideas and tips!

All added code snippets I have attached, I otherwise use the code from the example.

MSAL Configuration

auth: {
        // 'Application (client) ID' of app registration in Azure portal - this value is a GUID
        clientId: "<copied_from_azure_portal>",

        // Full directory URL, in the form of https://login.microsoftonline.com/<tenant>
        authority: "https://login.microsoftonline.com/<copied_from_azure_portal",
        
        // Full redirect URL, in form of http://localhost:3000
        redirectUri: "http://localhost:3000"
    }

Relevant Code Snippets

// New scopes for request:
const devTestLabRequest = {
    scopes: ["User.Read", "https://management.azure.com/user_impersonation"],
    forceRefresh: true // Set this to "true" to skip a cached token and go to the server to get a new token
};

// devTestLabEndpoint for the function call
devTestLabEndpoint: "https://management.azure.com/subscriptions/<copied_from_azure_portal>/providers/Microsoft.DevTestLab/labs?api-version=2018-09-15"


// Function call, which is being triggered by an UI button:
function getDevTestLabs(){   
    getTokenRedirect(devTestLabRequest)
    .then(response => {
        callMSGraph(devTestLabEndpoint, response.accessToken, updateUI);
    }).catch(error => {
        console.error(error);
    });
}

Identity Provider

Azure AD / MSA

Source

External (Customer)

[tnorling]

@mmigge What specifically is not working? What errors are you getting, if any?

[mmigge]

Hi @tnorling ,

a 401 error is returned for the following call (should return "Labs - List By Subscription")
https://management.azure.com/subscriptions/<clientId-from-portal>/providers/Microsoft.DevTestLab/labs?api-version=2018-09-15

Before the failed request, a token is successfully queried using:
https://login.microsoftonline.com/<tenantId-from-portal>/oauth2/v2.0/token

In summary, the query Labs - List By Subscription fails.
But I don't know if it is due to Azure App settings, tokens or other things. Do you have any idea?

[tnorling]

Try removing User.Read from your scopes list. This is an MS Graph scope which is a different resource. It's possible you are getting an MS Graph scope instead of the one you need

[mmigge]

That worked, I should have asked earlier. I spent so much time reading documentation...

Thank's a lot!