Advanced Settings: More
This provider supports JWT authorization. If enabled, you can get a JWT token directly from the Azure AD API, and then call a DNN WebAPI controller.
- Enabled: Enables JWT authorization for the portal.
- Audiences: Introduces the audiences to validate JWT tokens, separated by commas. If left empty, the Application Id will be used by default.
If you are going to use the issued tokens to access an external WebAPI that uses Azure AD Authorization, you can specify the App ID URI and scopes that will be validated by the WebAPI.
- App ID Uri: The App ID Uri of the external WebAPI, obtained from the Azure portal (i.e. https://mytenant.onmicrosoft.com/myapi/).
- Scopes: The scopes separated by spaces, that will be include in the issued tokens, to be validated by the external WebAPI (i.e. "read write").
-
Prompt: Indicates the type of user interaction that is required when logging in. The available options are the following:
- blank: Either sign in the sole current user, show the account picker if there are multiple users, or show the login page if there are no users signed in.
- login: Force the user to enter their credentials on that request, negating single-sign on.
- none: The opposite of login. It ensures that the user isn't presented with any interactive prompt. If the request can't be completed silently by using single-sign on, the Microsoft identity platform returns an interaction_required error.
- consent: Trigger the OAuth consent dialog after the user signs in, asking the user to grant permissions to the app.
- select_account: Interrupts single sign-on providing account selection experience listing all the accounts either in session or any remembered account or an option to choose to use a different account altogether.
-
Domain Hint: If included, the app skips the email-based discovery process that user goes through on the sign-in page, leading to a slightly more streamlined user experience.
