Azure active directory - Allowed token audiences

I am trying to find documentation on "ALLOWED TOKEN AUDIENCES" in Azure, but there does not appear to be any. The value that I have placed in there was the resourceid that was returned with the token.

What does this mean? Any link to documentation will be much appreciated.

PS. the learning link on the actual page mentions nothing about this, and the screenshots appear to be older and do not have this field.

Thanks in advance.

asked by noobie on Mar 07 '17 04:03


People also ask

What is allowed token audiences?

Allowed audiences in Azure AD terms usually means "The values of the aud claim that we will consider valid for this API". So if someone calls your API that is protected by Azure AD, the aud claim in the token must match one of the defined ones here.

How many objects does an Azure AD tenant allow by default?

If you have at least one verified domain, the default directory service quota in Azure AD is 300,000 objects.

What is delegated permissions in Azure?

Delegated permissions are used in the delegated access scenario. They're permissions that allow the application to act on a user's behalf. The application will never be able to access anything the signed-in user themselves couldn't access.

What is the difference between access token and ID token in Azure?

Access tokens are what the OAuth client uses to make requests to an API. The access token is meant to be read and validated by the API. An ID token contains information about what happened when a user authenticated, and is intended to be read by the OAuth client.


1 Answer

I've been stumbling around the documentation, too. Here's what I've gotten to work with an Angular Front-end app that consumes a back-end API app.

In the front-end app, the user clicks a link and authenticates with Azure Directory. The token is kept in session in the browser.

Next, the user wants to interact with the API app.
Here's how:

  • Go to the API App's App Service in Azure.
  • Navigate to Authentication/Authorization
  • Turn "ON" App Service Authentication
  • Under Authentication Providers Select "Azure Active Directory"
  • Choose "Advanced" button
  • In the Client ID field insert the "Application ID" from your API App's Azure Active Directory App Registration. You should have registered the API app in Azure Active Directory, already.
  • In the "Allowed Token Audiences" field insert the "Application ID" from your front-end app's Azure Active Directory App Registration. You should have registered the front-end app in Azure Active Directory, already.

Security is so important. It blows my mind how confusing the documentation is around this stuff. Owin/Katana looks like it's on the way out. Based on this configuration, you won't need any of it. The other sign that Owin is a goner is the massive breaking change related to Microsoft/System IdentityModel that seems impossible to build, discern, fix, yada yada. I wish Microsoft would create an "endpoint" that would show what's out and what's in, and how to do this particular step. If you can get your apps to do this, it's real clean.

answered by LargeDachshund on Sep 22 '22 22:09
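Added example, not code from the question or the answer: what the "Allowed Token Audiences" allow-list actually enforces when a token reaches the API. The IDs and the HS256 shared secret are constructed stand-ins (Azure AD issues RS256-signed tokens whose aud is an Application ID or App ID URI); the order of checks is the point: signature first, then expiry, then aud against the allow-list, with aud accepted as either a string or a list.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo values. Real tokens carry Azure AD Application IDs (GUIDs)
# or App ID URIs and are RS256-signed by Azure AD, not HMAC-signed.
SECRET = b"constructed-demo-secret"
ALLOWED_AUDIENCES = {"api-app-id", "frontend-app-id"}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def make_token(claims: dict) -> str:
    """Build a compact JWT signed with HS256 over header.payload (demo issuer)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def validate_token(token: str, allowed_audiences=ALLOWED_AUDIENCES, now=None):
    """Return (accepted, reason). No claim is trusted before the signature checks out."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed"
    header, payload, sig = parts
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return False, "bad signature"
    claims = json.loads(_b64url_decode(payload))
    # A token with no exp is treated as expired rather than as valid forever.
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        return False, "expired"
    # aud may be a single string or a list; any entry on the allow-list accepts.
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not any(a in allowed_audiences for a in auds):
        return False, f"audience {aud!r} not allowed"
    return True, "ok"
```

A token minted for a different client, even one correctly signed by the same issuer, is rejected at the aud step; that is the property the allow-list buys you.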