You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/app-service/tutorial-auth-aad.md
+5-5Lines changed: 5 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -238,7 +238,7 @@ The commands effectively add a `loginParameters` property with additional custom
238
238
239
239
-`openid`, `profile`, and `email` are requested by App Service by default already. For information, see [OpenID Connect Scopes](../active-directory/develop/v2-permissions-and-consent.md#openid-connect-scopes).
240
240
-`api://<back-end-client-id>/user_impersonation` is an exposed API in your back-end app registration. It's the scope that gives you a JWT token that includes the back end app as a [token audience](https://wikipedia.org/wiki/JSON_Web_Token).
241
-
-[offline_access](../active-directory/develop/v2-permissions-and-consent.md#offline_access) is included here for convenience (in case you want to [refresh tokens](#when-access-tokens-expire)).
241
+
-[offline_access](../active-directory/develop/v2-permissions-and-consent.md#offline_access) is included here for convenience (in case you want to [refresh tokens](#what-happens-when-the-front-end-token-expires)).
242
242
243
243
> [!TIP]
244
244
> - To view the `api://<back-end-client-id>/user_impersonation` scope in the Azure portal, go to the **Authentication** page for the back-end app, click the link under **Identity provider**, then click **Expose an API** in the left menu.
@@ -286,7 +286,7 @@ The frontend app needs to pass the user's authentication with the correct `user_
286
286
287
287
This tutorial returns a _fake_ profile to simplify the scenario. The [next tutorial](tutorial-connect-app-access-microsoft-graph-as-user-javascript.md) inthis series demonstrates how to exchange the backend bearerToken for a newtokenwith the scope of a downstream Azure service, such as Microsoft Graph.
288
288
289
-
## <a name="call-api-securely-from-server-code"></a>Backend returns profile to frontend
289
+
## <a name="call-api-securely-from-server-code"></a>7.Backend returns profile to frontend
290
290
291
291
The App service rejects the request with a 401HTTP error code before the request reaches your application code. When your application code is reached, extract the bearerToken to get the accessToken.
292
292
@@ -312,7 +312,7 @@ if (bearerToken) {
312
312
}
313
313
```
314
314
315
-
## 7. Browse to the apps
315
+
## 8. Browse to the apps
316
316
317
317
1. Use the frontend web site in a browser. TheURL is in the formate of`https://<front-end-app-name>.azurewebsites.net/`.
318
318
1. The browser requests your authentication to the web app. Complete the authentication.
@@ -327,7 +327,7 @@ if (bearerToken) {
327
327
328
328
The `withAuthentication` value of**true** indicates the authentication _is_ set up yet.
329
329
330
-
## 8. Clean up resources
330
+
## 9. Clean up resources
331
331
332
332
In the preceding steps, you created Azure resources in a resource group.
333
333
@@ -356,7 +356,7 @@ In the preceding steps, you created Azure resources in a resource group.
356
356
357
357
The authentication inthis procedure is provided at the hosting platform layer by Azure App Service. There's no equivalent emulator. You must deploy the frontend and backend app and configuration authentication for each in order to use the authentication.
358
358
359
-
## The app isn't displaying _fake_ profile, how doI debug it?
359
+
### The app isn't displaying _fake_ profile, how doI debug it?
360
360
361
361
The frontend and backend apps both have `/debug` routes to help debug the authentication when this application doesn't return the _fake_ profile. The frontend debug route provides the critical pieces to validate:
0 commit comments