Minor changes

Author: Kalyan Krishna

TodoListService-ManualJwt/Global.asax.cs

@@ -139,7 +139,7 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
                 ValidIssuers = validissuers,
                 IssuerSigningKeys = config.SigningKeys
 
-                // Please inspect TokenValidationParameters class for a lot more validation parameters. 
+                // Please inspect TokenValidationParameters class for a lot more validation parameters.
             };
 
             try
@@ -151,7 +151,8 @@ protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage
 #pragma warning disable 1998
                 // This check is required to ensure that the Web API only accepts tokens from tenants where it has been consented to and provisioned.
                 if (!claimsPrincipal.Claims.Any(x => x.Type == ClaimConstants.ScopeClaimType)
-                   && !claimsPrincipal.Claims.Any(y => y.Type == ClaimConstants.RolesClaimType))
+                    && !claimsPrincipal.Claims.Any(y => y.Type == ClaimConstants.ScpClaimType)
+                    && !claimsPrincipal.Claims.Any(y => y.Type == ClaimConstants.RolesClaimType))
                 {
 #if DEBUG
                     return BuildResponseErrorMessage(HttpStatusCode.Forbidden, "Neither 'scope' or 'roles' claim was found in the bearer token.");

TodoListService-ManualJwt/Utils/ClaimConstants.cs

@@ -36,6 +36,7 @@ public static class ClaimConstants
         public const string TenantId = "http://schemas.microsoft.com/identity/claims/tenantid";
         public const string Tid = "tid";
         public const string ScopeClaimType = "http://schemas.microsoft.com/identity/claims/scope";
+        public const string ScpClaimType = "scp";
         public const string RolesClaimType = "roles";
 
         public const string ScopeClaimValue = "access_as_user";