[英]Add Custom value in UPN claim in Access Token generated using Azure AD Client Credential Flow
We are using IdentityServer4 with Client Credential Grant Type but for one of consumer we tweaked Client Credential flow and introduced Delegation Grant Type and that's where we inject UPN claim in AccessToken as there will not be UPN claim in Access Token generated using Client Credential flow.我们将 IdentityServer4 与客户端凭据授予类型一起使用,但对于其中一位消费者,我们调整了客户端凭据流并引入了委托授予类型,这就是我们在 AccessToken 中注入 UPN 声明的地方,因为使用客户端凭据流生成的访问令牌中不会有 UPN 声明。 Purpose of doing this is our upstrem apps authorize our API calls based on User.
这样做的目的是我们的上游应用程序根据用户授权我们的 API 调用。
Does Azure AD has any functionality where I can provide custom value of UPN claim for App and when that particular App is being used to generate access token using Client Credential flow, UPN claim with custom value will be available in Access Token? Azure AD 是否具有任何功能,我可以为应用程序提供 UPN 声明的自定义值,并且当该特定应用程序用于使用客户端凭据流生成访问令牌时,具有自定义值的 UPN 声明将在访问令牌中可用?
I tried to reproduce the same in my environment using Client Credential:我尝试使用客户端凭据在我的环境中重现相同的内容:
In order to get UPN claim
in access token, you need to add optional claim like below:为了在访问令牌中获得
UPN claim
,您需要添加如下可选声明:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Token Configuration -> Add optional claims.转到 Azure 门户 -> Azure Active Directory -> 应用注册 -> 您的应用 -> 令牌配置 -> 添加可选声明。
When I decoded the access token generated with client credentials grant type, UPN claim is not included.当我解码使用客户端凭据授予类型生成的访问令牌时,不包括 UPN 声明。
Please note that, if you need UPN claim in the token, then you have to make use of Authorization code flow , ROPC flow , Implicit flow authentication flows to acquire token.请注意,如果您需要在令牌中声明 UPN,那么您必须使用授权码流、 ROPC 流、 隐式流身份验证流来获取令牌。 Check this .
检查这个。
I generated access token via Authorization code flow like below:我通过授权代码流生成访问令牌,如下所示:
When decoded the token, got UPN claim successfully:解码令牌后,成功获得 UPN 声明:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.