Skip to content

Update access-tokens.md #1710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update access-tokens.md #1710

wants to merge 1 commit into from

Conversation

ssivas
Copy link

@ssivas ssivas commented Aug 11, 2025

This need an update because accessTokenAcceptedVersion was part of the legacy AAD Graph App Manifest. In the new manifest format, the property is renamed and relocated: It is now called requestedAccessTokenVersion
And it resides under the api node in the manifest

Here is reference:
intility/fastapi-azure-auth#211 https://learn.microsoft.com/en-us/entra/identity-platform/identifier-uri-restrictions#guidance-for-developers

@ssivas
Update access-tokens.md
9c5d850 
This need an update because accessTokenAcceptedVersion was part of the legacy AAD Graph App Manifest.  In the new manifest format, the property is renamed and relocated:
It is now called requestedAccessTokenVersion
And it resides under the api node in the manifest 

Here is reference:
intility/fastapi-azure-auth#211
https://learn.microsoft.com/en-us/entra/identity-platform/identifier-uri-restrictions#guidance-for-developers
@prmerger-automator prmerger-automator bot requested a review from cilwerner August 11, 2025 15:25
@prmerger-automator PRMerger Automator
Copy link
Contributor

@ssivas : Thanks for your contribution! The author(s) and reviewer(s) have been notified to review your proposed change.

@v-dirichards
Copy link
Contributor

@cilwerner

Can you review the proposed changes?

Important: When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

@learn-build-service-prod Learn Build Service (PROD)
Copy link
Contributor

Learn Build status updates of commit 9c5d850:

✅ Validation status: passed

File Status Preview URL Details
docs/identity-platform/access-tokens.md ✅Succeeded

For more details, please refer to the build report.

cilwerner
cilwerner suggested changes Aug 12, 2025
View reviewed changes
Copy link
Contributor

@cilwerner cilwerner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for pointing this out, however, please remove api. to kee the same formatting.

docs/identity-platform/access-tokens.md
@@ -41,13 +41,13 @@ Web APIs have one of the following versions selected as a default during registr
eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6Imk2bEdrM0ZaenhSY1ViMkMzbkVRN3N5SEpsWSJ9.eyJhdWQiOiI2ZTc0MTcyYi1iZTU2LTQ4NDMtOWZmNC1lNjZhMzliYjEyZTMiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3L3YyLjAiLCJpYXQiOjE1MzcyMzEwNDgsIm5iZiI6MTUzNzIzMTA0OCwiZXhwIjoxNTM3MjM0OTQ4LCJhaW8iOiJBWFFBaS84SUFBQUF0QWFaTG8zQ2hNaWY2S09udHRSQjdlQnE0L0RjY1F6amNKR3hQWXkvQzNqRGFOR3hYZDZ3TklJVkdSZ2hOUm53SjFsT2NBbk5aY2p2a295ckZ4Q3R0djMzMTQwUmlvT0ZKNGJDQ0dWdW9DYWcxdU9UVDIyMjIyZ0h3TFBZUS91Zjc5UVgrMEtJaWpkcm1wNjlSY3R6bVE9PSIsImF6cCI6IjZlNzQxNzJiLWJlNTYtNDg0My05ZmY0LWU2NmEzOWJiMTJlMyIsImF6cGFjciI6IjAiLCJuYW1lIjoiQWJlIExpbmNvbG4iLCJvaWQiOiI2OTAyMjJiZS1mZjFhLTRkNTYtYWJkMS03ZTRmN2QzOGU0NzQiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhYmVsaUBtaWNyb3NvZnQuY29tIiwicmgiOiJJIiwic2NwIjoiYWNjZXNzX2FzX3VzZXIiLCJzdWIiOiJIS1pwZmFIeVdhZGVPb3VZbGl0anJJLUtmZlRtMjIyWDVyclYzeERxZktRIiwidGlkIjoiNzJmOTg4YmYtODZmMS00MWFmLTkxYWItMmQ3Y2QwMTFkYjQ3IiwidXRpIjoiZnFpQnFYTFBqMGVRYTgyUy1JWUZBQSIsInZlciI6IjIuMCJ9.pj4N-w_3Us9DrBLfpCt
```

Set the version for applications by providing the appropriate value to the `accessTokenAcceptedVersion` setting in the [app manifest](reference-app-manifest.md#manifest-reference). The values of `null` and `1` result in v1.0 tokens, and the value of `2` results in v2.0 tokens.
Set the version for applications by providing the appropriate value to the `api.requestedAccessTokenVersion` setting in the [app manifest](reference-app-manifest.md#manifest-reference). The values of `null` and `1` result in v1.0 tokens, and the value of `2` results in v2.0 tokens.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep the original formatting before merging.

Suggested change
Set the version for applications by providing the appropriate value to the `api.requestedAccessTokenVersion` setting in the [app manifest](reference-app-manifest.md#manifest-reference). The values of `null` and `1` result in v1.0 tokens, and the value of `2` results in v2.0 tokens.
Set the version for applications by providing the appropriate value to the `requestedAccessTokenVersion` setting in the [app manifest](reference-app-manifest.md#manifest-reference). The values of `null` and `1` result in v1.0 tokens, and the value of `2` results in v2.0 tokens.

docs/identity-platform/access-tokens.md

## Token ownership

An access token request involves two parties: the client, who requests the token, and the resource (Web API) that accepts the token. The resource that the token is intended for (its *audience*) is defined in the `aud` claim in a token. Clients use the token but shouldn't understand or attempt to parse it. Resources accept the token.

The Microsoft identity platform supports issuing any token version from any version endpoint. For example, when the value of `accessTokenAcceptedVersion` is `2`, a client calling the v1.0 endpoint to get a token for that resource receives a v2.0 access token.
The Microsoft identity platform supports issuing any token version from any version endpoint. For example, when the value of `api.requestedAccessTokenVersion` is `2`, a client calling the v1.0 endpoint to get a token for that resource receives a v2.0 access token.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above

Suggested change
The Microsoft identity platform supports issuing any token version from any version endpoint. For example, when the value of `api.requestedAccessTokenVersion` is `2`, a client calling the v1.0 endpoint to get a token for that resource receives a v2.0 access token.
The Microsoft identity platform supports issuing any token version from any version endpoint. For example, when the value of `requestedAccessTokenVersion` is `2`, a client calling the v1.0 endpoint to get a token for that resource receives a v2.0 access token.

@v-dirichards
Copy link
Contributor

@ssivas Can you respond to the requested changes or let us know if you would like us to commit them?

@cilwerner - When the changes are ready for publication, adding a #sign-off comment is the best way to signal that the PR is ready for the review team to merge.

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
1 more reviewer

@cilwerner cilwerner cilwerner requested changes

Reviewers whose approvals may not affect merge requirements
Assignees

@cilwerner cilwerner

Labels
aq-pr-triaged Change sent to author do-not-merge identity-platform/svc
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ssivas @v-dirichards @cilwerner