Overview
When configuring federated authentication with Azure AD and OAuth/OpenID, you may need to specify "UseIDTokenAsAccessToken": "true" under the advanced Client settings. However, Azure AD usually resets this setting back to False, so on its own it has no effect.
Solution
If you specify "UseIDTokenAsAccessToken": "true" under the advanced Client settings, then make sure to add the following setting under the Server settings in the configuration JSON on the Advanced tab:
"PreserveClientSpecificSetting_UseIDTokenAsAccessToken": "true"
This forces Azure AD and M-Files to actually use the ID token as the access token.
Please refer to the partial configuration example below:
[
  {
    "configurations": [
      {
        "tmpProtocol": "oauth",
        "oauthSettings": {
          "client": {
            "tmpExtras": "yes",
            "UseIdTokenAsAccessToken": "true",
            "ClientID": "fe19542e-d352-4499-bd9c-24cd6b2183ca"
          },
          "server": {
            "AccountClaim": "upn",
            "Audience": "fe19542e-d352-4499-bd9c-24cd6b2183ca",
            "IdentityProviderMetadata": "https://login.microsoftonline.com/77bg065e-b4b4-4375-84df-gdd3d7b3a937/v2.0/.well-known/openid-configuration",
            "PreserveClientSpecificSetting_UseIDTokenAsAccessToken": "true"
          }
        },
        "name": "Azure AD authentication"
      }
    ],
    "tmpScopeName": "*",
    "defaultConfiguration": "Azure AD authentication"
  }
]
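Because the client-side flag is silently reset when the server-side preserve setting is missing, it is worth checking exported configurations for the mismatch before rollout. The following Python check is an added example, not M-Files code: it walks the configuration layout shown above (scopes, configurations, oauthSettings with client and server blocks), matches the key case-insensitively because the article writes it as both UseIdTokenAsAccessToken and UseIDTokenAsAccessToken, and reports every OAuth configuration that enables the client flag without the server setting. The sample JSON and its placeholder client ID are constructed for this example.

```python
import json

# Constructed sample, not the article's JSON: same layout, but the server-side
# preserve setting is left out so that the check below reports it.
SAMPLE_CONFIG = json.dumps([{
    "configurations": [{
        "tmpProtocol": "oauth",
        "oauthSettings": {
            "client": {"UseIdTokenAsAccessToken": "true", "ClientID": "<placeholder-client-id>"},
            "server": {"AccountClaim": "upn", "Audience": "<placeholder-client-id>"}},
        "name": "Azure AD authentication"}],
    "tmpScopeName": "*",
    "defaultConfiguration": "Azure AD authentication"}])

CLIENT_KEY = "useidtokenasaccesstoken"
SERVER_KEY = "preserveclientspecificsetting_useidtokenasaccesstoken"

def _is_true(value):
    """M-Files stores the flag as the string "true"; accept a real bool as well."""
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")

def _get_ci(mapping, wanted):
    """Case-insensitive lookup: the key is written UseIdTokenAsAccessToken in the
    example and UseIDTokenAsAccessToken in the text, so match either spelling."""
    for key, value in mapping.items():
        if key.lower() == wanted:
            return value
    return None

def check_id_token_settings(config_json):
    """Return [(configuration name, finding)] for every OAuth configuration whose
    client enables UseIDTokenAsAccessToken but whose server block lacks
    PreserveClientSpecificSetting_UseIDTokenAsAccessToken (so Azure AD would
    reset the client setting to False)."""
    findings = []
    for scope in json.loads(config_json):
        for conf in scope.get("configurations", []):
            if conf.get("tmpProtocol") != "oauth":
                continue
            oauth = conf.get("oauthSettings", {})
            client_flag = _get_ci(oauth.get("client", {}), CLIENT_KEY)
            server_flag = _get_ci(oauth.get("server", {}), SERVER_KEY)
            if _is_true(client_flag) and not _is_true(server_flag):
                findings.append((conf.get("name", "<unnamed>"),
                                 "add \"PreserveClientSpecificSetting_UseIDTokenAsAccessToken\": "
                                 "\"true\" to the server settings"))
    return findings
```

Running check_id_token_settings on a configuration exported from the Advanced tab returns an empty list when every OAuth configuration is consistent, and one finding per configuration that still needs the server setting.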
