Dibya Mani Suvedi

Reputation: 21

How to include roles into access token using Azure AD MSAL library

My web API services are protected by role-based authorization. So, the access token I request from Azure AD doesn't include any roles. Is it possible to add the assigned roles (defined in the manifest file and assigned to the user) to the access token?

Would you please guide me with links and examples, because I am not able to find any documentation?

Upvotes: 2

Views: 2700

Answers (1)

juunas

Reputation: 58908

Definitely possible, I've written an older article on the topic: https://joonasw.net/view/defining-permissions-and-roles-in-aad.

Make sure you define the roles in the manifest of the API. Do note though that if a user has many roles and you use the implicit flow to get tokens in the front-end, they might not appear in the token. If that happens to you, upgrading to MSAL.js 2.x and using authorization code flow with PKCE in the front-end should help with this.

Upvotes: 1
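A diagnostic for the situation in the question, as an added example that is not part of the original answer: it decodes an access token's payload and reports whether the role check fails because the token was issued for a different audience than the API, because the `roles` claim is absent, or because the required role is not in it. The audience value, the role name `Orders.Read` and the sample tokens are constructed placeholders.

```javascript
// Diagnostic only: decodes the payload WITHOUT verifying the signature.
// Authorization decisions belong in the API's token-validation middleware.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  // Node's base64 decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], "base64").toString("utf8"));
}

// Returns a short diagnosis of why a role check would pass or fail.
function diagnoseRoles(jwt, apiAudience, requiredRole) {
  const claims = decodePayload(jwt);
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  // Roles defined on the API only appear in tokens issued for that API.
  if (!aud.includes(apiAudience)) return "wrong-audience";
  if (!Array.isArray(claims.roles) || claims.roles.length === 0) {
    return "no-roles-claim";
  }
  return claims.roles.includes(requiredRole) ? "ok" : "role-not-assigned";
}

// Builds a constructed sample token with a fake signature segment.
function makeToken(payload) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o))
      .toString("base64")
      .replace(/\+/g, "-")
      .replace(/\//g, "_")
      .replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}

// Placeholder audience for the API's app registration (assumption).
const API_AUD = "api://00000000-0000-0000-0000-000000000000";

// Constructed samples: role present, token for another API, no roles claim.
const samples = {
  withRole: makeToken({ aud: API_AUD, roles: ["Orders.Read"] }),
  otherApi: makeToken({ aud: "https://graph.microsoft.com", scp: "User.Read" }),
  noRoles: makeToken({ aud: API_AUD, scp: "access_as_user" }),
};

for (const [name, token] of Object.entries(samples)) {
  console.log(name, "->", diagnoseRoles(token, API_AUD, "Orders.Read"));
}
```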
