Roles Missing on Access Token

CUI 6 Reputation points
2022-10-12T21:33:48.063+00:00

We have an API app set up under one tenant (Tenant A) with a role "test". I then have a demo app set up under a different Tenant (Tenant B), and added that role under Tenant B's app (screenshot below). However, when I make a call to oauth2/v2.0/token using client_credentials flow the JWT does not contain a roles property. Is it possible to pass roles in my current configuration? I was able to access the roles in the JWT when "demo app" was set up under Tenant A.

249810-image.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,852 questions
0 comments No comments
{count} vote

1 answer

Sort by: Most helpful
  1. Sreeju Nair 11,856 Reputation points
    2022-10-13T05:03:42.93+00:00

    One of the option is to use App Roles in your application. Refer the following URL

    https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps

    Another option is to get the security groups of the signed in user. Refer the following sample

    https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/blob/master/5-WebApp-AuthZ/5-2-Groups/README.md

    Hope this helps