如何使用 Azure AD 访问和过滤 JWT 令牌中的组?
[英]How to access and filter groups in JWT token using Azure AD?
问题描述
net core application.
网络核心应用程序。 I am returning JWT token which returns all the groups.我正在返回 JWT 令牌,它返回所有组。 I have below configuration in manifest.我在清单中有以下配置。
"groupMembershipClaims": "SecurityGroup",
"optionalClaims": {
"idToken": [],
"accessToken": [
{
"name": "groups",
"source": null,
"essential": false,
"additionalProperties": []
}
]
},
Currently users has 100 or 200 groups.当前用户有 100 或 200 个组。 So I want to return groups via graph api.所以我想通过图 api 返回组。 Along with that I want to return only groups whose name starts with AP.除此之外,我只想返回名称以 AP 开头的组。 May I know is this possible?我可以知道这可能吗? Any help in this regard appreciated.在这方面的任何帮助表示赞赏。 Thanks谢谢
2 个解决方案
解决方案1
1 已采纳 2019-09-24 11:50:28
Currently not possible.目前不可能。 If users have more than 200 groups, they won't be in the token.如果用户有超过 200 个组,他们将不在令牌中。 In those cases you have to query for the group memberships via Graph API.在这些情况下,您必须通过 Graph API 查询组成员资格。
If you only have few groups that you care about, you can query for the members of those groups and see if the user is in them.如果您只关心少数几个组,则可以查询这些组的成员并查看用户是否在其中。 Depends a bit on the data if it is faster to get the user's groups or to get the members of the groups you care about.如果获取用户组或获取您关心的组的成员更快,则取决于数据。
You can also assign users/groups to roles in your application, if that is the purpose of these checks.如果这是这些检查的目的,您还可以将用户/组分配给应用程序中的角色。
解决方案2
0 2022-07-14 23:18:32
You can configure the associated enterprise app registration to filter groups that will be included in the claim.您可以配置关联的企业应用注册以过滤将包含在声明中的组。 Group Filtering 组过滤
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.