I am building an ASP.NET Core 2.0 app and would like to know how to add the groups claim to my Azure B2C access token on my backend. I use the user's id to query MS Graph to get the user's group claim using ADAL and need the groups on the authorization token every time the user hits a controller. I would rather not query MS Graph every time a controller is hit.
Is it possible to add the groups claim to the B2C token after it is retrieved?
If not, should I store the groups as a Session variable?
If those aren't right, should I craft a second authorization token with the groups and then use that in my header when I send requests?
You can do it in one of the OpenID Connect events (i.e. OnTokenValidated) and add the user's groups (or roles, but they are different) to the ClaimsPrincipal. Something like:
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

options.Events = new OpenIdConnectEvents
{
    OnTokenValidated = ctx =>
    {
        // query the user's groups using the Graph API here,
        // then add one "groups" claim per group (placeholder value below)
        var claims = new List<Claim>
        {
            new Claim("groups", "xxxx-xx-xx")
        };
        // attach a second identity to the same principal; checks such as
        // User.HasClaim / RequireClaim look across all identities
        var appIdentity = new ClaimsIdentity(claims);
        ctx.Principal.AddIdentity(appIdentity);
        return Task.CompletedTask;
    },
};
The links below are code samples for the .NET Framework; you can modify them to fit the .NET Core version:
Authorize By Group in Azure Active Directory B2C
Azure AD B2C - Role management
You can support adding group claims to B2C-issued tokens by voting for it in the Azure AD B2C feedback forum: Get user membership groups in the claims with Azure AD B2C
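The following is an added, more complete example of the approach described in the answer above; it is not code from the original answer or from Microsoft. It fills in the "query the user's groups" step with an ADAL client-credential token and a Graph `memberOf` call, caches the result per user object id in `IMemoryCache` so Graph is not hit on every request, and wires a policy that checks the resulting `groups` claims. In a web app the OpenID Connect `OnTokenValidated` event already runs only once per sign-in and the claims are then carried in the auth cookie; the cache matters when the same pattern is used in a `JwtBearerEvents.OnTokenValidated` handler on an API, where the principal is rebuilt on each request. The class name `GroupClaimsSetup`, the policy name `AdminsOnly`, the cache key format, and the `<tenant>`, `<client-id>`, `<client-secret>` and group id placeholders are illustrative and must be replaced with your own values.

```csharp
// Added example (not from the original answer). Names such as GroupClaimsSetup,
// "AdminsOnly" and the <...> placeholders are illustrative assumptions.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Extensions.Caching.Memory;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Newtonsoft.Json.Linq;

public static class GroupClaimsSetup
{
    // Claim type the OpenID Connect handler maps the "oid" token claim to.
    private const string ObjectIdClaim =
        "http://schemas.microsoft.com/identity/claims/objectidentifier";

    // Call from AddOpenIdConnect(options => { ...B2C settings...; GroupClaimsSetup.Configure(options); })
    public static void Configure(OpenIdConnectOptions options)
    {
        options.Events = new OpenIdConnectEvents
        {
            OnTokenValidated = async ctx =>
            {
                var oid = ctx.Principal.FindFirst(ObjectIdClaim)?.Value;
                if (string.IsNullOrEmpty(oid))
                    return; // no object id: nothing to look up, leave the principal as-is

                // Per-user cache bounds how often Graph is called and how stale
                // group membership may be (10 minutes here, an illustrative choice).
                var cache = ctx.HttpContext.RequestServices.GetRequiredService<IMemoryCache>();
                var groupIds = await cache.GetOrCreateAsync("groups:" + oid, async entry =>
                {
                    entry.AbsoluteExpirationRelativeToNow = TimeSpan.FromMinutes(10);
                    return await QueryGroupIdsAsync(oid);
                });

                // One "groups" claim per group object id, attached as a second identity.
                var groupIdentity = new ClaimsIdentity(groupIds.Select(g => new Claim("groups", g)));
                ctx.Principal.AddIdentity(groupIdentity);
            }
        };
    }

    // Acquires an application token for Microsoft Graph with ADAL and lists the
    // groups the user is a direct member of. Placeholders must be replaced.
    // Note: large memberships are paged via "@odata.nextLink"; follow it if needed.
    private static async Task<List<string>> QueryGroupIdsAsync(string oid)
    {
        var authority = "https://login.microsoftonline.com/<tenant>.onmicrosoft.com";
        var credential = new ClientCredential("<client-id>", "<client-secret>");
        var authContext = new AuthenticationContext(authority);
        var graphToken = await authContext.AcquireTokenAsync("https://graph.microsoft.com", credential);

        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization =
                new AuthenticationHeaderValue("Bearer", graphToken.AccessToken);
            var json = await http.GetStringAsync(
                $"https://graph.microsoft.com/v1.0/users/{Uri.EscapeDataString(oid)}/memberOf");

            // memberOf also returns directory roles; keep only group objects.
            return JObject.Parse(json)["value"]
                .Where(o => (string)o["@odata.type"] == "#microsoft.graph.group")
                .Select(o => (string)o["id"])
                .ToList();
        }
    }

    // Call from Startup.ConfigureServices. Controllers then use
    // [Authorize(Policy = "AdminsOnly")] and never touch Graph themselves.
    public static void AddGroupPolicy(IServiceCollection services, string adminGroupObjectId)
    {
        services.AddMemoryCache();
        services.AddAuthorization(o =>
            o.AddPolicy("AdminsOnly", p => p.RequireClaim("groups", adminGroupObjectId)));
    }
}
```

Two points worth keeping in mind with this shape: the policy compares against group object ids rather than display names, since names can be changed by anyone with the right directory permission while ids cannot; and because the claims are fixed in the cookie at sign-in (or cached for the TTL on an API), a user removed from a group keeps access until the cookie expires or the cache entry is evicted, so pick the TTL and cookie lifetime with that window in mind.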