Lars Anundskås

Reputation: 1355

Azure mobile services with Azure AD auth user Claims

I wonder how I can get claims back when authenticating users with Azure Mobile Services using Azure AD.

I'm using Azure Mobile Services to authenticate users in a PhoneGap app. The authentication flow works fine; the response I get back from the service is as follows:

{
    "userId": "Aad:o5ExTvSOMETHING_HEREpb0c",
    "mobileServiceAuthenticationToken": "A_TOKEN"
}

How can I get profile properties like full name, sign-in name, etc., so that I could at least output something like "Hello Lars", "Lars" being a claim returned?

After logging in, I redirect the user back to "home":

LoginController.prototype.doLogin = function() {
    var that = this;
    client.login('Aad').done(function(response) {
       that.ons.navigator.resetToPage("page1.html", { title: 'Home' });
    }, function (error) {
        console.log(error);            
    });
};

When HomeController runs after signing in, client.currentUser is an object with the structure above:

HomeController = function($scope) {
    $scope.controllerhello = "Welcome home!";
    if(client.currentUser == null) {
        $scope.ons.navigator.pushPage("login.html", { title: 'Sign in' });
    }
};    

What I had hoped was a response like this:

{
    "userId": "Aad:o5ExTvSOMETHING_HEREpb0c",
    "mobileServiceAuthenticationToken": "A_TOKEN",
    "claims": {
        "userName": "[email protected]",
        "fullName": "Lars"
    }
}

How, if at all, can I get these claims? Does it have to do with the application manifest under manage Azure AD -> applications -> manage manifest?

Upvotes: 0

Views: 662

Answers (1)

mattchenderson

Reputation: 1620

Mobile Services does not send AAD claims to the client, but it is fairly easy to get them from the server using a custom API. Most of the data you will want can be obtained by making a call to the AAD Graph API. This is where all of the information about your users is stored.

This blog post shows the steps to access the graph and present an AAD user's name on screen using a Node.js backend. It's a little outdated in terms of the UI, but the concepts should still apply. Now, instead of clicking "manage permissions," you will go to "permissions to other applications" and set the appropriate application permissions on "Windows Azure Active Directory."

Upvotes: 1
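
The server-side lookup described in the answer above, sketched as an added example; it is not code from the answer or from the linked blog post. The names `getProfile`, `identity`, `appToken` and `httpGetJson`, the API version and the sample user record are assumptions; the Graph call is injected so the block runs offline, and only an allowlisted subset of directory properties is returned to the app.

```javascript
'use strict';
// Added example. Assumed names (not from the answer): getProfile, identity,
// httpGetJson, appToken. The Graph call is injected so this runs offline.
const GRAPH_HOST = 'https://graph.windows.net';
const API_VERSION = '1.6'; // assumed AAD Graph API version
// Only these directory properties are ever returned to the phone app.
const CLIENT_SAFE_FIELDS = ['displayName', 'userPrincipalName'];

function graphUserUrl(tenantId, objectId) {
  return GRAPH_HOST + '/' + encodeURIComponent(tenantId) + '/users/' +
    encodeURIComponent(objectId) + '?api-version=' + API_VERSION;
}

function pickClientClaims(graphUser) {
  const out = {};
  CLIENT_SAFE_FIELDS.forEach(function (field) {
    if (graphUser && typeof graphUser[field] === 'string') out[field] = graphUser[field];
  });
  return out;
}

// identity = { tenantId, objectId } as established by the server from the
// caller's validated token; it is never read from the request body or query.
function getProfile(identity, appToken, httpGetJson, done) {
  if (!identity || !identity.tenantId || !identity.objectId) {
    return done({ status: 401, body: { error: 'not signed in' } });
  }
  const headers = { Authorization: 'Bearer ' + appToken };
  httpGetJson(graphUserUrl(identity.tenantId, identity.objectId), headers,
    function (err, res) {
      if (err || !res || res.status !== 200) {
        // Do not pass Graph error details through to the client.
        return done({ status: 502, body: { error: 'directory lookup failed' } });
      }
      done({ status: 200, body: pickClientClaims(res.json) });
    });
}

// Constructed stand-in for the Graph API, returning a constructed user record.
function fakeGraph(url, headers, cb) {
  cb(null, { status: 200, json: {
    objectId: '00000000-0000-0000-0000-000000000001',
    displayName: 'Lars', userPrincipalName: 'lars@example.com',
    mobile: '+00 000 000', accountEnabled: true } });
}

getProfile({ tenantId: 'example.onmicrosoft.com',
             objectId: '00000000-0000-0000-0000-000000000001' },
  'CONSTRUCTED_APP_TOKEN', fakeGraph,
  function (r) { console.log(r.status, JSON.stringify(r.body)); });
```

In a real backend, `httpGetJson` would be an HTTPS client call and `appToken` a token the server obtains for the application permissions set on "Windows Azure Active Directory".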
