Azure AD: How to get group information in token?

冷眼眸甩不掉的悲伤 submitted on 2020-01-02 04:10:11

Question


We have an application developed in the MEAN stack. We are using the adal-angular library for Azure AD authentication. As per the documentation and sample:

Adal.js uses the OAuth implicit flow to communicate with Azure AD. You must enable the implicit flow for your application.

However, when we enable implicit flow, Azure AD DOES NOT include group information in the token. The issue has been discussed here in detail and confirmed by @vibronet.

Question
Azure AD functionalities have been changing almost every day, so are the above answers still valid? Do we still have to enable implicit flow of our application? I want to get group information in the token (I don't want to use the Graph API as a solution).

Another reason I am asking this question is that I disabled the implicit flow and the user was still able to access the application. However, I still don't see group information in the token.


Answer 1:


Azure AD JWT does emit security groups in implicit flow. In the Application Registration manifest, set "groupMembershipClaims": "SecurityGroup".

Then in your server:

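    // Requires System.Collections.Generic, System.Linq and System.Security.Claims.
    var groups = new List<string>();
    // Where() returns IEnumerable<Claim>, which has no ForEach; materialize it first.
    ClaimsPrincipal.Current.Claims.Where(t => t.Type == "groups")
        .ToList().ForEach(g => groups.Add(g.Value));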

No need for Graph API.

https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims
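For the Node.js side of a MEAN application, the sketch below (an added example, not code from the question or the answer) reads the same "groups" claim and also recognizes the overage markers Azure AD sends when the group list is left out of the token, which is one reason the claim can appear to be missing. It assumes the token has already been validated by the API's JWT middleware; the function names and sample GUIDs are made up for illustration.

```javascript
// Assumption: `claims` is the payload of a token whose signature, issuer and
// audience were already validated by the API's JWT middleware.
// Function names are hypothetical, chosen for this example.
function readGroupClaims(claims) {
  // Normal case: "groups" is a JSON array of security-group object IDs.
  if (Array.isArray(claims.groups)) {
    return { state: 'present', groups: claims.groups.map((g) => String(g).toLowerCase()) };
  }
  // Overage in implicit flow: the list would be too long for the URL
  // fragment, so the token carries "hasgroups": true instead.
  if (claims.hasgroups === true) {
    return { state: 'overage', groups: [] };
  }
  // Overage in other flows: "_claim_names" points to an external source.
  const names = claims._claim_names;
  if (names && typeof names === 'object' && 'groups' in names) {
    return { state: 'overage', groups: [] };
  }
  // Nothing group-related: groupMembershipClaims not set, or no memberships.
  return { state: 'absent', groups: [] };
}

// Fail closed: only an explicit match on the group object ID grants access.
function isInGroup(claims, requiredGroupId) {
  const result = readGroupClaims(claims);
  if (result.state !== 'present') {
    return { allowed: false, reason: result.state };
  }
  const allowed = result.groups.includes(requiredGroupId.toLowerCase());
  return { allowed, reason: allowed ? 'member' : 'not-member' };
}

// Constructed sample payloads (all GUIDs are made up).
const ADMIN_GROUP = '11111111-2222-3333-4444-555555555555';
const samples = {
  member: { sub: 'u1', groups: [ADMIN_GROUP.toUpperCase(), 'aaaaaaaa-0000-0000-0000-000000000000'] },
  overage: { sub: 'u2', hasgroups: true },
  absent: { sub: 'u3' },
};
for (const [name, payload] of Object.entries(samples)) {
  console.log(name, JSON.stringify(isInGroup(payload, ADMIN_GROUP)));
}
```

A result of "overage" means the user has memberships that the token does not list, so access is denied here until membership is resolved some other way; "absent" points back at the manifest setting.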



Source: https://stackoverflow.com/questions/36780567/azure-ad-how-to-get-group-information-in-token
