问题
I tried using the code provided here: https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2
It works for both MSA and Azure AD authentication. I need to know whether the email address entered was MSA or Azure AD. Is there a way to find that out from the response?
回答1:
In the id_token you get back, there's a iss (issuer) claim.
This claim contains the user's tenant.
If the user used a Microsoft Account (MSA), their issuer claims will contain the following GUID for the MSA tenant: 9188040d-6c67-4c5b-b112-36a304b66dad
The full value of the issuer will be:
https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0
Any other GUID indicates that the user signed in using Azure AD and the GUID value will represent their Azure AD tenant.
For more information check out the id_token section of the Token Reference documentation.
来源:https://stackoverflow.com/questions/44432124/is-there-a-way-to-find-whether-authentication-followed-msa-or-azure-ad-in-msal-j