@henrydaehnke, the reason for that is that this scenarios to call a custom Web API were not available for the v2 endpoint at the time this guide was created. We will launch new guides to cover these standalone Web APIs scenarios. The main difference from Microsoft Graph is that the scopes being requested will be using a format similar to {Application ID URI}/{scope} (usually App Id URI is the Application Id, for example api://<Application ID>/access_as_user).

Please look at this code sample for an example using a native Windows Desktop application as a client.

Thank you for the very quick reply, and the code link. That was helpful, but I am a little confused about what capabilities are available with what library. It looks like from your comment and the example code that Azure AD v. 2.0 supports calls to custom APIs. Is this also supported in MSAL.js? I tried to call a custom API with version 0.1.5, but it failed. Is this now implemented in version 0.1.6?

Same as henry, I read that custom API were not supported by MSAL JS but the article is from ealry 2017.
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-limitations#standalone-web-apis
Is it still the case at the moment ?
Thanks,

Documentation for MSAL is poor and all over the place. GitHub wiki for MSAL is atrocious. Come on MS!

How do we renew the idToken after it expires. acquiretokensilent() is getting a new token but is not setting anything in the browser so as a result my user is getting logged out forcing him to login everytime the idtoken expires.
https://stackoverflow.com/questions/51864662/how-do-we-renew-idtoken-using-msal
if anyone can answer this, it will be of great help.

@chetanku did you ever found out the answer?

@navyasric FYI

I have been searching for documentation regarding this scenario for a long time and banging my head trying to get my SPA application to interact with my custom API. Anybody have an answer?

@bbbford Here is a sample demonstrating a SPA calling own backend web API using MSAL:
https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2

Thanks @navyasric.

My problem is I am trying to accomplish the same thing using azure functions instead of web api. I can’t figure out how to implement the OWIN middleware on azure functions.

So instead I am using Easy Auth. At first I tried to pass the token from MSAL to my easy auth protected function, but received 401 errors every time. I have concluded that easy auth only accepts v1 tokens which must be obtained via ADAL instead. Now it is working.

@bbbford - Please file a new GitHub issue if you have more questions.

We're working to make updates to our doc set to bring over the SDK content that's in our wikis and get them into docs.microsoft.com, but this work is just starting.

please-close

@henrydaehnke We will now proceed to close this thread. If there are further questions regarding this matter, please tag me in your reply. We will gladly continue the discussion and we will reopen the issue.

How do we renew the idToken after it expires. acquiretokensilent() is getting a new token but is not setting anything in the browser so as a result my user is getting logged out forcing him to login everytime the idtoken expires.
https://stackoverflow.com/questions/51864662/how-do-we-renew-idtoken-using-msal
if anyone can answer this, it will be of great help.

It looks like if you put your clientId in scopes of requestConfig parameter you will get only the id_token without access_token. And it can be renewed with acquireTokenSilent. Does it work for you?