stackoom
  简体   繁体   中英

Custom claims in msal.js access token

 原文  2019-01-25 11:06:19       angular/ azure/ azure-active-directory/ azure-ad-b2c/ msal.js

Question

I have secured my Angular 7 application by using msal.js. I've created a custom policy that returns custom claimtypes in the id_token and in the access_token. To achieve this, I've been following this tutorial: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw . When I use the acquireTokenSilent() msal.js method, the JWT token does not contain the custom claims (contract, fileUploadAllowed).

When I use the "Run Now" button on the Custom Policy pane in Azure, I do receive an access_token that has the custom claims.

The payload of the JWT token thats is generated by running the policy in Azure (Changed some of the values): 

{
  "iss": "https://login.microsoftonline.com/guid/v2.0/",
  "exp": 1548416392,
  "nbf": 1548455092,
  "aud": "c152h904-835a-496f-8919-e74f5013374c",
  "contract": "Contract03",
  "fileUploadAllowed": false,
  "sub": "25a6ec11-16fd-477a-8917-e0728c69e1db",
  "nonce": "defaultNonce",
  "scp": "portal.read user_impersonation",
  "azp": "c154c904-835a-496f-8919-e74f5087384c",
  "ver": "1.0",
  "iat": 1542213053
}

The payload of the JWT token (access_token) that is generated by msal.js: 

{
  "iss": "https://login.microsoftonline.com/guid/v2.0/",
  "exp": 1548416396,
  "nbf": 1548455092,
  "aud": "c152h904-835a-496f-8919-e74f5013374c",
  "sub": "25a6ec11-16fd-477a-8917-e0728c69e1db",
  "nonce": "e6df86c9-7c19-4cb5-a4ac-1aa2a89b1951",
  "scp": "portal.read user_impersonation",
  "azp": "c154c904-835a-496f-8919-e74f5087384c",
  "ver": "1.0",
  "iat": 1542213953
}

I want to receive the custom claims in the access_token that is generated by msal.js. Does anyone know what I should do in order to make this work?

Thank you.

1 answers

solution1
 0  2019-08-30 04:09:54

We came across this exact same issue just recently. Just like you, we've implemented our own Custom B2C Policies that would acquire some Custom Claims from our REST API and inject them into our JWT tokens. When tested in Azure using "Run Now" we'd see all our custom claims in both ID Token as well the Access Token. But in our SPA with MSAL Angular each time we silently acquired the Access Tokens they would be missing all our custom claims.

Upon some research, we found that the issue was that none of our custom claims were persisted in the AD Session, hence the reason for missing custom claims.

We've solved it by overriding the " SM-AAD " Technical Profile in our TrustFrameworkExtensions file and specifying which claims we wanted to persist in the session, eg you have to add your custom claims to the PersistedClaims collection.

Hope this helps.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to handle azure access token between web api and angular apps without using MSAL.js Using the Token generated by AAD using MSAL.js, with Connect-MicrosoftTeams -AadAccessToken cmdlet Authentication on angular spa using msal.js MSAL.js protectedResourceMap - explanation needed for what to set it to msal.js angular 6 SPA callback and errors handling Angular 8 with Azure B2C Authentication (using MSAL.js) Msal.js: node_modules/msal/lib-commonjs/index has no exported member 'User' Angular Msal Access Token Retrieval Login redirect a user with Azure AD B2C from an Angular application and msal.js Error in Logout through MSAL.JS in Javascript / Angular 6 SPA application using B2C
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM