Azure AD JWT身份验证-声明丢失
[英]Azure AD JWT authentication - Claims are missing
问题描述
I'm trying to get a user groups from the Azure AD. 
我正在尝试从Azure AD获取用户组。 I'm getting a token with these simple lines of code : 我得到了这些简单的代码行的令牌:
if (this.user == null)
user = await AuthenticationManager.DefaultManager.CurrentClient.LoginAsync(this, MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory);
if (user != null)
{
System.Diagnostics.Debug.WriteLine("Token = " + user.MobileServiceAuthenticationToken);
}
When I paste the token in the JWT debugger present on this website : https://jwt.io/ I get some informations (stable_sid, sid, sub, idp, ver, iss, aud, exp, nbf) but I can't seem to get the groups claim in them. 当我将令牌粘贴到该网站上存在的JWT调试器中时: https : //jwt.io/我得到了一些信息(stable_sid,sid,sub,idp,ver,iss,aud,exp,nbf),但我无法似乎得到了团体的要求。
I added in Azured AD the required permissions to read groups for Microsoft graph and Azure active directory but it did not change anything in the tokens. 我在Azured AD中添加了读取Microsoft图形和Azure活动目录的组所需的权限,但它并未更改令牌中的任何内容。
What am I missing to get the users groups ? 我缺少什么来获得用户组?
Thank you in advance. 先感谢您。
EDIT : Commenter pointed that I forgot to mention that I modified the manifest to "groupMembershipClaims": "SecurityGroup", I also tried "All" but still no claims. 编辑:评论者指出,我忘了提及我将清单修改为“ groupMembershipClaims”:“ SecurityGroup”,我也尝试了“全部”,但仍然没有声明。
1 个解决方案
解决方案1
1 2017-04-13 13:52:16
Okay, so there is actually no issue here. 好的,所以这里实际上没有问题。
What we are supposed to do to acces the user groups is use the authentication token in order to make calls to the Microsoft Graph API, which will then give us access to the groups and users in the tenant. 要对用户组进行访问,我们应该使用身份验证令牌来调用Microsoft Graph API,这将使我们能够访问租户中的组和用户。
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart https://docs.microsoft.com/zh-cn/azure/active-directory/develop/active-directory-graph-api-quickstart
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.