We have an application developed in the MEAN stack. We are using the adal-angular library for Azure AD authentication. As per the documentation and sample:
Adal.js uses the OAuth implicit flow to communicate with Azure AD. You must enable the implicit flow for your application.
However, when we enable the implicit flow, Azure AD DOES NOT include group information in the token. The issue has been discussed here in detail and confirmed by @vibronet.
Question
Azure AD functionality has been changing almost every day, so are the above answers still valid? Do we still have to enable the implicit flow for our application? I want to get group information in the token (I don't want to use the Graph API as a solution).
Another reason I am asking this question is that I disabled the implicit flow and the user was still able to access the application. However, I still don't see group information in the token.
Azure AD JWT does emit security groups in implicit flow.
In the Application Registration manifest, set "groupMembershipClaims": "SecurityGroup",
Then in your server:
using System.Linq;
using System.Security.Claims;

// Collect the object ids of every "groups" claim in the validated token.
// IEnumerable<Claim> has no ForEach, so project with Select and materialize with ToList.
var groups = ClaimsPrincipal.Current.Claims
    .Where(c => c.Type == "groups")
    .Select(c => c.Value)
    .ToList();
No need for the Graph API.
https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles
https://github.com/Azure-Samples/active-directory-dotnet-webapp-groupclaims
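The same server-side step as the answer's C#, but for the Node back end of a MEAN stack, as an added example that is not code from the original answer. It assumes the server's JWT middleware has already validated the token's signature, issuer, audience and expiry; these helpers only read claims from a token that passed that check. The token, group object ids and tenant/client ids are constructed placeholders. It also handles the overage case the answer does not mention: when a user belongs to more groups than fit in the token, Azure AD emits hasgroups:true (implicit-flow tokens) or _claim_names/_claim_sources (other flows) instead of the groups list, and the code reports that separately rather than treating it as "no groups".

```javascript
// Node.js example for the MEAN back end: read the Azure AD "groups" claim
// out of a JWT payload and make an authorization decision on it.
// Added illustration, not code from the original answer.
// Assumption: the token's signature, issuer, audience and expiry have ALREADY
// been validated by the server's JWT middleware; these helpers only read claims.

function base64UrlDecode(segment) {
  // JWT segments use the URL-safe alphabet without padding.
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) {
    throw new Error('not a compact JWS (expected header.payload.signature)');
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Returns { groups: string[], overage: boolean }. With
// "groupMembershipClaims": "SecurityGroup" in the manifest, Azure AD emits the
// group object ids as the "groups" array. When the user is in more groups than
// fit in the token, the list is replaced by an overage marker: hasgroups:true
// in implicit-flow tokens, or _claim_names/_claim_sources in other flows.
function extractGroups(payload) {
  if (Array.isArray(payload.groups)) {
    return { groups: payload.groups.map(String), overage: false };
  }
  const overage = payload.hasgroups === true ||
    Boolean(payload._claim_names && payload._claim_names.groups);
  return { groups: [], overage };
}

// Authorization decision for a route that requires one specific group.
// 'overage' is returned on its own so the caller can fall back to a directory
// lookup instead of silently denying (or allowing) the user.
function checkAccess(payload, requiredGroupId) {
  const { groups, overage } = extractGroups(payload);
  if (groups.includes(requiredGroupId)) return 'allow';
  if (overage) return 'overage';
  return 'deny';
}

// Constructed sample token for offline use: real base64url header and payload,
// empty signature. A real server must reject such a token at validation time;
// it exists here only so the claim-reading code can run without a tenant.
function buildUnsignedToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj))
    .toString('base64').replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

// Placeholder ids (constructed, not real directory objects).
const ADMINS_GROUP = '00000000-0000-0000-0000-00000000aaaa';
const READERS_GROUP = '00000000-0000-0000-0000-00000000bbbb';
const SAMPLE_TOKEN = buildUnsignedToken({
  aud: 'placeholder-client-id',
  iss: 'https://sts.windows.net/placeholder-tenant-id/',
  upn: 'user@example.com',
  groups: [ADMINS_GROUP, READERS_GROUP],
});

function demo() {
  const payload = decodePayload(SAMPLE_TOKEN);
  console.log(extractGroups(payload));
  console.log(checkAccess(payload, ADMINS_GROUP));            // allow
  console.log(checkAccess({ hasgroups: true }, ADMINS_GROUP)); // overage
}
demo();
```

In an Express app, decodePayload would be replaced by whatever the validating middleware already attaches to the request (the verified claims object), and checkAccess would sit behind it as a per-route guard; the 'overage' result is the signal to query the directory for the user's groups instead of relying on the token.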