Thank you for your time and patience while posting your query on Microsoft Q&A. From the above description, I understand that you are looking for a way to get the application roles assigned to a user as claims in the OAuth tokens.
Please do correct me if this is not the case by responding in the comments section:
This could be achieved as per Add app roles to your application and receive them in the token; a similar request has also been answered here:
To extract the roles of the user, you need to have them configured as per: Add app roles to your application and receive them in the token.
- Ensure that the application has the Implicit and hybrid grant flows enabled:

- The request must hit the organization endpoint and not common/personal, as those would not emit the roles. An example is given below:
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
client_id={Application ID}
&response_type=code%20id_token
&redirect_uri=http://localhost/myapp/
&response_mode=fragment
&scope=openid%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
&nonce=abcde
- Extract the code from the request you sent above:

- The id_token will contain the user app roles assigned to the guest user and endpoint with tenant id:

Thanks,
Akshay Kaushik
Please "Accept the answer" (Yes), and share your feedback if the suggestion answers your query. This will help us and others in the community as well.
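The flow described in the answer above, as an added example that is not part of the original answer or Microsoft's own code: it builds the tenant-specific hybrid-flow request with correct URL encoding and reads the `roles` claim from the returned ID token. The function names, the sample IDs and the sample token are constructed for illustration, and signature verification against the tenant's signing keys is assumed to happen before the claims are trusted.

```python
import base64
import json
from urllib.parse import urlencode, quote

AUTHORITY = "https://login.microsoftonline.com"

def build_authorize_url(tenant_id, client_id, redirect_uri, state, nonce):
    """Hybrid-flow (code + id_token) request against the tenant endpoint."""
    # Per the answer above, common/personal endpoints would not emit the roles.
    if tenant_id.lower() in {"common", "consumers"}:
        raise ValueError("use the tenant ID, not common/consumers")
    params = {
        "client_id": client_id,
        "response_type": "code id_token",   # space-separated, then encoded
        "redirect_uri": redirect_uri,
        "response_mode": "fragment",        # query is not accepted with id_token
        "scope": "openid https://graph.microsoft.com/mail.read",
        "state": state,
        "nonce": nonce,
    }
    query = urlencode(params, quote_via=quote)
    return f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/authorize?{query}"

def roles_from_id_token(id_token, tenant_id, client_id, nonce):
    """Return the app roles in an ID token. Does NOT verify the signature:
    validate it with a JWT library and the tenant's keys before calling this."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    expected = {"tid": tenant_id, "aud": client_id, "nonce": nonce}
    for name, value in expected.items():
        if claims.get(name) != value:
            raise ValueError(f"unexpected {name} claim")
    return list(claims.get("roles", []))    # absent when no role is assigned

def make_sample_token(claims):
    """Constructed, unsigned sample token used only to exercise the parser."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"

if __name__ == "__main__":
    tenant = "00000000-0000-0000-0000-000000000001"   # constructed
    client = "11111111-1111-1111-1111-111111111111"   # constructed
    print(build_authorize_url(tenant, client, "http://localhost/myapp/",
                              "12345", "abcde"))
    token = make_sample_token({"tid": tenant, "aud": client,
                               "nonce": "abcde", "roles": ["Task.Reader"]})
    print(roles_from_id_token(token, tenant, client, "abcde"))
```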