AzureAd get groups info when not in token

A few days ago I configured my AzureAd to get Id_Tokens for my app, also with groupIds claims within the token.

Everything works fine, but if I add more than 5 groups to a user it fails because Azure adds the "hasgroups": "true" claim, because the token is too big to add it in the URL, so I have to perform another request.

The point is that I am not able to perform the request to then obtain the groups. The ID_TOKEN I have received is the following:

For the backend and front end azureAD filter this token is perfect and works fine.

Then, as it is said in the official Microsoft Azure docs, I have to perform another request to https://graph.microsoft.com/v1.0/users/{userID}/getMemberObjects

As you can see the aud claim is the same as my app client ID:


I am trying to perform the request with Postman because I need it, and this is the result:

{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "Access token validation failure. Invalid audience.",
    "innerError": {
      "date": "2020-07-08T13:56:50",
      "request-id": "6b2f3374-33e4-4a1a-9709-b8111cd2bc66"
    }
  }
}

As you can see the aud is not invalid because it is the same as client_id.

What am I doing wrong? I have spent a lot of time dealing with that and I can't find the solution.

I have also tried with a POST request and BODY.

UPDATE

I found the problem: the problem was that I was using an id_token instead of an access_token. But for me it would be useful to be able to extract such information only by using the id_token.

I still have a horrible inconvenience, because if you can only use the access token I will have to change half the application, because it is only the front end which has the access token, and in the backend I have aspects that were using the id_token with the group information contained and did not need the access token at all. Now the front end would have to add the access token in every request header to be captured in the backend to run some filters and aspects that are executed and require such information.

Is it possible to get the same info but with id_token instead?

Upvotes: 0

Views: 406

Answers (1)

Sruthi J

Reputation: 1602

Instead of a GET request, use a POST request for the query below:

POST https://graph.microsoft.com/v1.0/users/{userID}/getMemberObjects

{
  "securityEnabledOnly": true
}

Please refer to this document.

If you want to try with Graph Explorer, here is the link.

Upvotes: 1
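The root cause in the question and the fix in the answer come down to two checks a practitioner can script: which audience a token was issued for (an id_token carries the app's own client ID in aud, while Graph only accepts tokens whose aud is Graph), and whether the token carries the group-overage marker that makes the getMemberObjects call necessary. The following Python is an added example, not code from the question, the answer or Microsoft; the client ID, user object ID and both JWTs are constructed placeholders, and the decoder deliberately does not verify signatures because its only job here is diagnosis of a token you already hold.

```python
import base64
import json

# Microsoft Graph accepts access tokens issued for either of these audiences.
# An id_token's audience is the calling app's own client ID, so Graph rejects
# it with "InvalidAuthenticationToken ... Invalid audience".
GRAPH_AUDIENCES = {
    "https://graph.microsoft.com",
    "00000003-0000-0000-c000-000000000000",
}
GRAPH_BASE = "https://graph.microsoft.com/v1.0"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def decode_jwt_claims(token: str) -> dict:
    """Return the payload claims of a JWT WITHOUT verifying its signature.

    This is for inspecting a token you already hold (e.g. to read its aud).
    A backend that acts on the claims must first validate the signature
    against the tenant's published signing keys; this helper does not.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def classify_token(claims: dict, client_id: str) -> str:
    """Say which API the token can be presented to, judged by its audience."""
    aud = claims.get("aud")
    if aud in GRAPH_AUDIENCES:
        return "for_graph"
    if aud == client_id:
        return "for_this_app"  # id_token or an access token for the app's own API
    return "foreign_audience"


def group_overage(claims: dict) -> bool:
    """True when AAD left the group list out of the token.

    Implicit-flow id_tokens get "hasgroups": "true"; other token types use
    "_claim_names"/"_claim_sources" pointing at Graph. Either way the caller
    must fetch membership from Graph instead of reading it from the token.
    """
    if str(claims.get("hasgroups", "")).lower() == "true":
        return True
    return "groups" in claims.get("_claim_names", {})


def build_member_objects_request(token: str, user_id: str) -> dict:
    """Describe the getMemberObjects call from the answer, refusing a token
    Graph would reject so the mistake is caught before the network call."""
    claims = decode_jwt_claims(token)
    aud = claims.get("aud")
    if aud not in GRAPH_AUDIENCES:
        raise ValueError(
            f"token audience {aud!r} is not Microsoft Graph; Graph answers "
            "InvalidAuthenticationToken (an id_token has aud = client_id)"
        )
    return {
        "method": "POST",
        "url": f"{GRAPH_BASE}/users/{user_id}/getMemberObjects",
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json"},
        "json": {"securityEnabledOnly": True},
    }


def make_unsigned_jwt(claims: dict) -> str:
    """Build a CONSTRUCTED, unsigned JWT for this offline demonstration only."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed placeholder identifiers (not real tenant, app or user IDs).
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
USER_ID = "00000000-0000-0000-0000-000000000001"

# Constructed id_token shaped like the one in the question: aud = client ID,
# groups replaced by the overage marker.
ID_TOKEN = make_unsigned_jwt({
    "aud": CLIENT_ID, "oid": USER_ID, "hasgroups": "true",
    "iss": "https://login.microsoftonline.com/tenant-id-placeholder/v2.0",
})
# Constructed Graph access token for the same user.
GRAPH_TOKEN = make_unsigned_jwt({
    "aud": "https://graph.microsoft.com", "oid": USER_ID, "scp": "User.Read",
})

if __name__ == "__main__":
    for name, tok in (("id_token", ID_TOKEN), ("access_token", GRAPH_TOKEN)):
        c = decode_jwt_claims(tok)
        print(name, classify_token(c, CLIENT_ID), "overage:", group_overage(c))
    try:
        build_member_objects_request(ID_TOKEN, USER_ID)
    except ValueError as e:
        print("rejected:", e)
    print(build_member_objects_request(GRAPH_TOKEN, USER_ID)["url"])
```

Run as a script, it classifies the constructed id_token as usable only by the app itself and flags its group overage, refuses to build a Graph call with it, and emits the POST described in the answer for the Graph-audience token. Sending the request (with a real, signed access token obtained for Graph) is left to the HTTP client of your choice; the returned dict maps directly onto `requests.post(url, headers=..., json=...)`.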
