Expecting access token to be JWT v2 but got v1

[raqsilva]

Hello,

Background:
msal version = "1.15.0"
python version = "3.8.12"

Authority = "https://login.microsoftonline.com/{tenant_id}/v2.0"

I have changed my app manifest var "accessTokenAcceptedVersion": 2.
My app is a confidential client application using default scopes and I'm getting my access token through acquire_token_by_auth_code_flow which gives me an access token v1 and id token v2.

How can I make sure I always get a v2 token?

Thanks,
Raquel

[hpsin]

What are your "default scopes"? Remember, the resource (the app that owns the scopes) controls the token version.

[raqsilva]

Default scopes are 'email' 'openid' 'profile'.

I have just realised that in order to get a V2 access token I need to delete default scopes, expose API and create a new scope (ref https://authguidance.com/2017/12/01/azure-ad-spa-code-sample/).

[rayluo]

Thanks for @hpsin 's hint, and glad to see @raqsilva figured it out. By the way, MSAL is currently a token acquisition library, so MSAL users do not normally need to care about the version of the obtained token. @raqsilva you were working on token validation? No wonder you created this topic. :-) We do not currently have an offering on token validation in Python. We will mark this issue as answered here, and we will reference it in future when we work on token validation.