There are a few cases where API code needs to know whether or not the current auth token being processed is a "daemon token" (app-only token) or a "user token". The most common scenario is when the same action should be available for both users and applications, but the authorization requirements should be different for each one (say, the user requires a scope, while the app requires an app role). The only way to conditionally validate these auth requirements is to actively check the token type and apply the specific validation.
MSDN does talk explicitly about these token checks here:
However, this check is quite a bit convoluted and verbose to be maintained by each consuming application that needs to differentiate the token types.
Would it make sense to just expose this logic in an extension, so that it can be called in the `ClaimsPrincipal` directly?

Related:
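One way the extension asked about above could look, as an added example that is not part of the original post or of any Microsoft library. The names `TokenTypeExtensions`, `IsAppOnlyToken` and `IsAuthorizedFor` are hypothetical; the sketch assumes the optional `idtyp` claim where it is configured, with the `oid == sub` comparison as fallback, and accepts both the short JWT claim names and the long names produced by ASP.NET Core's default inbound claim mapping.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example: hypothetical helper names, not a library API.
// Call only on a principal built from a token whose signature, issuer and audience were already validated.
public static class TokenTypeExtensions
{
    // Short JWT names plus the long names the default inbound claim mapping produces.
    private static readonly string[] Oid = { "oid", "http://schemas.microsoft.com/identity/claims/objectidentifier" };
    private static readonly string[] Sub = { "sub", ClaimTypes.NameIdentifier };
    private static readonly string[] Scp = { "scp", "http://schemas.microsoft.com/identity/claims/scope" };
    private static readonly string[] Roles = { "roles", ClaimTypes.Role };

    private static string[] Values(ClaimsPrincipal p, string[] types) =>
        p.Claims.Where(c => types.Contains(c.Type)).Select(c => c.Value).ToArray();

    public static bool IsAppOnlyToken(this ClaimsPrincipal principal)
    {
        if (principal is null) throw new ArgumentNullException(nameof(principal));

        // Preferred signal when the optional "idtyp" claim is configured (assumption: value "app").
        string idtyp = principal.FindFirst("idtyp")?.Value;
        if (idtyp != null) return string.Equals(idtyp, "app", StringComparison.OrdinalIgnoreCase);

        // Fallback: in an app-only token the subject is the service principal itself, so oid == sub.
        string oid = Values(principal, Oid).FirstOrDefault();
        string sub = Values(principal, Sub).FirstOrDefault();
        return oid != null && oid == sub;
    }

    // Same action, different requirement per token type:
    // a user token must carry the delegated scope, an app-only token the app role.
    public static bool IsAuthorizedFor(this ClaimsPrincipal principal, string userScope, string appRole)
    {
        if (principal.IsAppOnlyToken())
            return Values(principal, Roles).Contains(appRole, StringComparer.Ordinal);

        // "scp" is a single space-separated string of scopes.
        return Values(principal, Scp)
            .SelectMany(v => v.Split(' ', StringSplitOptions.RemoveEmptyEntries))
            .Contains(userScope, StringComparer.Ordinal);
    }
}
```

A user token that happens to carry a `roles` claim is still checked against the scope only, so a role assigned to a user cannot stand in for the app role.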