
Extend azure active directory access token claims

I'm currently trying to authorize my API depending on the user's group. After enabling the group claim in Azure Active Directory I have realized that the groups claim is not included in the access_token but in the id_token.

I'm trying to avoid making requests to the Graph API and I've seen something about Azure Active Directory claims mapping ( https://docs.microsoft.com/en-us/azure/active-directory/active-directory-claims-mapping )

But due to the lack of information and examples I'm not sure of how to deal with this.

Any suggestions on how to get the extra claims into the access token?

You can get group ids in access tokens too.

But the API app manifest must have:

{
  "groupMembershipClaims": "SecurityGroup"
}

Note that this must be in the APIs manifest, not the client app's manifest.
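Once the API's manifest emits the groups claim, the API still has to validate the token before trusting it: check the signature, reject an unexpected `alg`, confirm `aud` is the API's own identifier (so an id_token issued to the client, or an access token issued for another resource, is not accepted), and only then read `groups`. The example below is an added illustration, not code from the original post or from Microsoft. To run offline it signs and verifies a constructed token with HS256 and a shared secret; a real Azure AD access token is RS256-signed and must be verified against the tenant's published JWKS keys instead. The secret, app ID URI, group object IDs and timestamps are constructed values. It also handles the group overage case, where Azure AD omits `groups` and emits `_claim_names`/`_claim_sources` because the user is in too many groups; the API must then fall back to Microsoft Graph rather than silently denying.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Iterable, Optional


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes) -> str:
    """Build a constructed HS256 JWT that stands in for an Azure AD access token."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_token(token: str, secret: bytes, expected_aud: str,
                 now: Optional[float] = None) -> dict:
    """Verify alg, signature, audience and expiry; return the claims or raise ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm: never accept 'none' or whatever the token claims it used.
    # (HS256 only because this example runs offline; Azure AD tokens are RS256.)
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(),
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    # aud must be this API's identifier: a token minted for the client app
    # (an id_token) or for some other resource must not authorize calls here.
    if claims.get("aud") != expected_aud:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (now if now is not None else time.time()):
        raise ValueError("expired")
    return claims


def authorize(claims: dict, allowed_groups: Iterable[str]) -> str:
    """Return 'allow', 'deny' or 'overage' from the verified token's groups claim."""
    groups = claims.get("groups")
    if groups is None:
        # Group overage: Azure AD replaces `groups` with `_claim_names`/`_claim_sources`
        # when the user belongs to too many groups. Do not treat it as "no groups";
        # the caller must resolve membership through Microsoft Graph instead.
        if "groups" in claims.get("_claim_names", {}):
            return "overage"
        return "deny"
    return "allow" if set(allowed_groups).intersection(groups) else "deny"


# Constructed sample values for the example (not real tenant data).
SECRET = b"example-shared-secret"
API_AUD = "api://00000000-0000-0000-0000-000000000001"
ADMIN_GROUP = "11111111-1111-1111-1111-111111111111"
OTHER_GROUP = "22222222-2222-2222-2222-222222222222"
NOW = 1_700_000_000


def demo() -> dict:
    """Run four constructed tokens through verify_token + authorize."""
    base = {"aud": API_AUD, "exp": NOW + 3600, "sub": "user1"}
    tokens = {
        "member": make_token({**base, "groups": [ADMIN_GROUP]}, SECRET),
        "outsider": make_token({**base, "groups": [OTHER_GROUP]}, SECRET),
        "overage": make_token({**base,
                               "_claim_names": {"groups": "src1"},
                               "_claim_sources": {"src1": {"endpoint": "https://graph.example/constructed"}}},
                              SECRET),
        "wrong_aud": make_token({**base, "aud": "api://other", "groups": [ADMIN_GROUP]}, SECRET),
    }
    results = {}
    for name, tok in tokens.items():
        try:
            results[name] = authorize(verify_token(tok, SECRET, API_AUD, now=NOW), {ADMIN_GROUP})
        except ValueError as exc:
            results[name] = f"reject: {exc}"
    return results


if __name__ == "__main__":
    print(demo())
```

The order matters: signature and audience are checked before any claim is read, so a caller cannot smuggle in a `groups` value through an unsigned token or a token issued for a different resource. Group checks compare object IDs, not display names, because the `groups` claim carries the group's object ID.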

In AAD, when you create an SSO application, you can create custom claims where you can customize the SAML response from AAD to the target application.

See this for more information.

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
