Reputation: 9368
I have an application that can successfully authenticate users through a B2C user flow policy and get an ID token in a JWT.
How can I update the user flow policy, so I get the user’s group membership as part of the ID token?
A link to documentation or concept would be a great help.
Upvotes: 0
Views: 1998
Reputation: 514
On Azure B2C, it is unfortunately not possible to get the user's group membership in the idToken. The example mentioned above by @rbrayb uses custom policies with the Identity Experience Framework, which is one way to go if you need to add the group memberships to the idToken.
Another way to do this is to manually call the Graph API (using the MSAL library / Microsoft Identity Client NuGet package) with the objectId of the connected user and an access token in order to get the groups to which the user belongs. In this case you create a group for each role and assign the users to the right groups based on their role; by finding the user's groups, you know what their role is. Here is an example of implementing this kind of authorization on a .NET 5 web API and web app.
Upvotes: 0
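The group-to-role lookup described in the answer above, as an added sketch that is not part of the original answer or the linked sample. It is written in Python rather than .NET so it runs offline; `get_json`, the `GROUP_ROLES` mapping and all ids are assumptions, and the Graph responses are constructed.

```python
import uuid

# Microsoft Graph v1.0: direct group memberships of one user.
MEMBER_OF = "https://graph.microsoft.com/v1.0/users/{oid}/memberOf"

# Hypothetical mapping (constructed ids): one B2C group per application role.
# Keyed on the group's object id because display names can be changed.
GROUP_ROLES = {
    "11111111-1111-1111-1111-111111111111": "admin",
    "22222222-2222-2222-2222-222222222222": "reader",
}

def roles_for_user(oid, get_json, group_roles=GROUP_ROLES):
    """Return the app roles for the signed-in user's object id.

    get_json(url) is an assumed helper that sends an authenticated GET
    (Bearer access token for Graph, e.g. acquired with MSAL) and returns
    the decoded JSON body.
    """
    url = MEMBER_OF.format(oid=uuid.UUID(oid))  # ValueError if oid is not a GUID
    roles, seen = set(), set()
    while url and url not in seen:              # follow paging, never loop
        seen.add(url)
        page = get_json(url)
        for obj in page.get("value", []):
            # memberOf also lists directory roles; only groups grant app roles
            if obj.get("@odata.type") == "#microsoft.graph.group":
                role = group_roles.get(obj.get("id"))
                if role:
                    roles.add(role)
        url = page.get("@odata.nextLink")
    return roles                                # empty set: no role, deny

# Constructed sample responses so the example runs offline.
SAMPLE_OID = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
_PAGE2 = "https://graph.microsoft.com/v1.0/constructed-next-page"
_GROUP, _DIR_ROLE = "#microsoft.graph.group", "#microsoft.graph.directoryRole"
_SAMPLE = {
    MEMBER_OF.format(oid=SAMPLE_OID): {
        "value": [
            {"@odata.type": _GROUP, "id": "11111111-1111-1111-1111-111111111111"},
            {"@odata.type": _DIR_ROLE, "id": "44444444-4444-4444-4444-444444444444"},
            {"@odata.type": _GROUP, "id": "33333333-3333-3333-3333-333333333333"},
        ],
        "@odata.nextLink": _PAGE2,
    },
    _PAGE2: {"value": [{"@odata.type": _GROUP, "id": "22222222-2222-2222-2222-222222222222"}]},
}

def sample_get_json(url):
    return _SAMPLE[url]
```

`memberOf` returns direct memberships only; if roles are granted through nested groups, the Graph `transitiveMemberOf` endpoint is the one to query instead.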