
How to add a custom claim to Azure AD access token (JWT) at token request time?

The current JWT from Azure AD has the following structure:

AzureAD JWT:

{
  "aud": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "iss": "https://sts.windows.net/a5aa555a-aa55-5aaa-5a55-555a5aa55a5a/",
  "iat": 1547084136,
  "nbf": 1547084136,
  "exp": 1547089036,
  "acr": "1",
  "aio": "aaaaaaaaaaaaa==",
  "appid": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "appidacr": "1",
  "email": "bob@bob.com",
  "idp": "https://sts.windows.net/a5aa555a-aa55-5aaa-5a55-555a5aa55a5a/",
  "ipaddr": "192.168.1.1",
  "name": "Bob Bob",
  "oid": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "roles": [],
  "scp": "Directory.AccessAsUser.All User.Read",
  "sub": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "tid": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "unique_name": "bob@bob.com",
  "uti": "kjkugiugi",
  "ver": "1.0"
}

I want to add in an extra few claims such as departmentId, someOtherCustomInfo. I want to do this in my token request, not have this preset. How would I do that?

Currently, I use ADAL4J to get the token:

//Represents the authority we are asking to provide tokens
AuthenticationContext context = new AuthenticationContext(
    authority,
    true,
    Executors.newFixedThreadPool( numInPool )
);

Future<AuthenticationResult> future = context
    .acquireTokenByAuthorizationCode(
        authCode,
        new URI( redirectUri ),
        credentials,
        resource,
        null
    );

AuthenticationResult authResult = future.get();

//The token
String token = authResult.getAccessToken();

The JWT token emitted by Azure AD (irrespective of whether it is an access token or an id token) does not contain much useful information except the email address and some other fields.

Then we need more claims as a part of the JWT token apart from the default claims that are present in the JWT tokens.

We can use the Custom Claim mapping feature for the same. For further information, please go through the link below:

How to: Customize claims emitted in tokens for a specific app in a tenant
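A claims-mapping policy of the kind the linked feature uses could look like the following. This is an added example, not part of the original answer; mapping the directory `department` attribute to `departmentId` and `extensionattribute1` to `someOtherCustomInfo` is an assumption made for illustration.

```json
{
  "ClaimsMappingPolicy": {
    "Version": 1,
    "IncludeBasicClaimSet": "true",
    "ClaimsSchema": [
      {
        "Source": "user",
        "ID": "department",
        "JwtClaimType": "departmentId"
      },
      {
        "Source": "user",
        "ID": "extensionattribute1",
        "JwtClaimType": "someOtherCustomInfo"
      }
    ]
  }
}
```

A policy like this is assigned to the application's service principal ahead of time, so the extra claims are fixed by the policy rather than chosen per token request. Azure AD issues mapped claims only to an app that has a custom signing key configured or has `acceptMappedClaims` set to true in its manifest.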
