Reputation:
Extend azure active directory access token claims
I'm currently trying to authorize my api depending on the user group. After enabling the group claim in Azure Active Directory I have realized that the groups claim is not including in the access_token but the id_token.
I'm trying to avoid makings requests to the graph api and I've seen something about azure active directory claims mapping (https://learn.microsoft.com/en-us/azure/active-directory/active-directory-claims-mapping)
But due to the lack of information and examples I'm not sure of how to deal with this.
Any suggestions on how to get the extra claims into the access token?
Upvotes: 1
Views: 1138
Answers (2)
Reputation: 58733
You can get group ids in access tokens too.
But the API app manifest must have:
{
"groupMembershipClaims": "SecurityGroup"
}
Note that this must be in the APIs manifest, not the client app's manifest.
Upvotes: 1
Related Questions
- Adding custom claims into AAD token
- Increase access token lifetime in Azure AD
- AzureAD Custom Claims in token
- Extending OAuth2 MS AD access_token data
- Azure AD Authentication Token not authorized
- Extend Accestoken LifeTime Azure AD Application
- Azure AD - missing roles claim in the token
- Obtain Azure Access Token
- Adding an additional Windows Azure AD delegated permission to an existing grant
- how to get access token after windows azure active directory authentication