Azure AD v2 - roles not included in Access Token

Question

Azure AD v2 - roles not included in Access Token

Mohamed Abdul Khader 0

hi Team,
following the same issue already asked in stack overflow( https://stackoverflow.com/q/66348270).
i have tried the solution but it is not working for me. ( https://stackoverflow.com/a/66348704 ).

Roles are not part of access token/ ID token
Frontend Client is built using Angular.
Backend using NodeJS.
followed the tutorial and cloned official github projects.

i have registered both applications and configured them correctly.
i am using external

Added Scopes for my node app
Screenshot 2024-02-07 at 9.44.10 PM

Added Role for my node app
Screenshot 2024-02-07 at 9.41.15 PM

**Assigned role to user
**
Screenshot 2024-02-07 at 9.55.42 PM

{
        endpoint: `http://localhost:5000/api/
        scopes: {
            write: [ "api://[node-application-Id]/TimeSheetTemplate.ReadWrite" ]
        }
    },

Request URL:
https://login.microsoftonline.com/common/oauth2/v2.0/token
Request Method:
POST
Status Code:
200 OK
Remote Address:
40.126.18.33:443
Referrer Policy:
strict-origin-when-cross-origin

Payload

Mohamed Abdul Khader 0 Reputation points

2024-02-07T16:39:23.9933333+00:00
Payload
client_id:

dab75630-666d-42d2-9863-a430ad6a3178

scope: api://[node-application-Id]/TimeSheetTemplate.ReadWrite openid profile offline_access

grant_type:

refresh_token

client_info:

1

x-client-SKU:

msal.js.browser

x-client-VER:

3.7.1

x-ms-lib-capability:

retry-after, h429

x-client-current-telemetry:

5|61,0,,,|@azure/msal-angular,3.0.11

x-client-last-telemetry:

5|0|||0,0

client-request-id: [angular-application-Id]

refresh_token:

M.C105_BAY.-Cgu4NLSGJ8NnC8QMdz6Vv8ZHK0rLZZHkUQOvQJoeoYPxAxdIhn3oGpn6CNhwkTtFHI!7AXK0GabGzI7NmLXNUeL37zVwyWGUdQyAElqMK4nxSp8jVmr2ibLQUVHXdkDcrQJRYhCjSDE0QqpNhfJPmSUulFSMLG8FtaTKr5eEFFmPshJGLZI1wP7b78m0UMnzgA4o!89UhUnNiFuToC13ndifFa1z5n3XroZMXbinKIN!dv!uEKXWl6fDxTtgRKSeyG6wayLhcDOSMZP6YATq0StwiGVQCfitbsOKOd0ucYTNlBWiBTQaouk9fUQfITMwXh2h8qu8SRU7mRNo80oS8$

X-AnchorMailbox: Oid:00000000-0000-0000-d8db-351d7555e529@9188040d-6c67-4c5b-b112-36a304b66dad
Mohamed Abdul Khader 0 Reputation points

2024-02-07T16:39:55.4333333+00:00

response
Mohamed Abdul Khader 0 Reputation points

2024-02-07T16:41:14.65+00:00

{

"token_type": "Bearer", "scope": "api://[node-application-Id]/TimeSheetTemplate.ReadWrite api://[node-application-Id]/TimeSheetList.ReadWrite api://[node-application-Id]/TimeSheetList.Read", "expires_in": 3600, "ext_expires_in": 3600, "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjJTcG9oaDl5Mm1lNTJuS3JoYWk3R3hXSmliVSJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFFOGJSd3JzS2UxSVI0am9aQWc4Y1BvIiwiYXVkIjoiZjBmYmJjNmQtMDMwNy00NDhjLTgxNmItYWY1NjE0OWFjNzA3IiwiZXhwIjoxNzA3MzI0NDgwLCJpYXQiOjE3MDczMjA1ODAsIm5iZiI6MTcwNzMyMDU4MCwibmFtZSI6IkFiZHVsIEtoYWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFiZHVsa2hhZGVyNDEyM0BvdXRsb29rLmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC1kOGRiLTM1MWQ3NTU1ZTUyOSIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImF6cCI6ImRhYjc1NjMwLTY2NmQtNDJkMi05ODYzLWE0MzBhZDZhMzE3OCIsInNjcCI6IlRpbWVTaGVldFRlbXBsYXRlLlJlYWRXcml0ZSBUaW1lU2hlZXRMaXN0LlJlYWRXcml0ZSBUaW1lU2hlZXRMaXN0LlJlYWQiLCJhenBhY3IiOiIwIiwidXRpIjoiTWc2U0ZQUXJzRTBwMjRzQUFBQUFBQSIsImFpbyI6IkRpNUgqeHlibDF0YTQ3REtpazYhaEtaVTh0VDhaQUtNUnhjZSpsQ0FORXh0WkNyOVVsU2hYU2l2MzFreUpRdXJtZ09BOTR6VXp5eGVvcTFoZXY5clltQjJKc2U5MHQ1MFNwSmVJR2pGYXdNWTBDV0JiaERtdlRsOEJtMio2bzFHSklUUWdpZThsejVkeE5mamxJQVBlOUkkIn0.ez3vQ4d4M7D2J-AyYzMFZze3_DQn2_XuG31YB6TEvSqhUrT--cObM0D-xcjQsD5PXR78lzYTM1e6JjIaV1CdUPLHBei38gaQFwLG9xJ9uFK3lKpV3Ba9jDm8D8GU2uku20JWivC457Uuo1f0UfXavKknVUnA3yy7hPr_iKhqAk2Fg9w20-CCDvWVM0fX9yPnfOlJYnhwm4g5uyOifnPUXy4ifxX38z68IgBrJxW3FQw7PXkorWQJOsgm9Cd65GhJJWQhkMTT0uvfaQEiiBAZ_ftLWheqb9ThG-jE-KnBfUzIjKJX4GK8KeOFe8CvKhx0F_RVa1CX5OKz7Csa2UESnw", "refresh_token": "M.C105_BAY.-CpkCvUofwIkM8zmuBL42sAjbAWHHVUoqhz2qCiiLbkqR!al0jWy9JUEpiLi8Jl2GYqYeNHfME6upOKjAHiHJM1lnubg5GjSVqzAj51RPfpG9Da0cYqVhvmRhqyi07JErjhWvMAbrzPtVJ4am91J0NE1rhY55WAxx1QnLk8ug5tG6ETAzWlV9RSW4OJ4vHVMsGZ**1yq1y7wMR6Xja6mqGERwkJlpoYSccuielViJeYYz5FFJ1YcfaUrkvl0Ahv722h7NxShRQWrgvibtY9c6tHRL0y4GGaEKdy4ElAJpvGtfMaGMQ!z89A!c0!mqtGZRtvIJeMdJNsQmfo0DBFfYmXc4iIU95M1Nlz8zVXZGz8E9TrXiR4NTZZLlQ8p0xZdWHe*ODZku2Rh0HpDRvmeAHU!FbUeAO!SDFDojVc", "id_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjJTcG9oaDl5Mm1lNTJuS3JoYWk3R3hXSmliVSJ9.eyJ2ZXIiOiIyLjAiLCJpc3MiOiJodHRwczovL2xvZ2luLm1pY3Jvc29mdG9ubGluZS5jb20vOTE4ODA0MGQtNmM2Ny00YzViLWIxMTItMzZhMzA0YjY2ZGFkL3YyLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFCbEFoR04tNkNqbDE5N3luTWg0d3NzIiwiYXVkIjoiZGFiNzU2MzAtNjY2ZC00MmQyLTk4NjMtYTQzMGFkNmEzMTc4IiwiZXhwIjoxNzA3NDA3MjgwLCJpYXQiOjE3MDczMjA1ODAsIm5iZiI6MTcwNzMyMDU4MCwibmFtZSI6IkFiZHVsIEtoYWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFiZHVsa2hhZGVyNDEyM0BvdXRsb29rLmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC1kOGRiLTM1MWQ3NTU1ZTUyOSIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImFpbyI6IkRrYmxFT2Z4aktXUVUhOG9mNVRaMDkxWm15S3FWZEpBODFIc1BoKkZkd2xMY1VQSVpzRndFMkRxMio2WDM3WUVEKmpoY3V2RWtwaHpGWFBDMTNzTlNpd0lrME1xTWhUSUo4WUtOQ0RMNjVsdEY3OTFmc0NzcHAyc2FEVEZZRW5SMUVBZ2I2WE9zdXpSVzBvZkVCUWpFOGskIn0.XGzplVHMJL2xyNKSRJnkcA4QLiDtth-Wc7MzLIpLMLPUohmLIOY-_2Y3Kujq3r6k6uhn2CoEi3I_4F3ENyyWb4VihsSdETMwstc8_bc7EygHLcG9nS_o0cb-D9W-6L0D_dpPR0ZbhWzvH6Z_Ek762xGdiG7lNwTje-EQdiwtZODDhyMPhTavIZz5shcjLwa0ctBjuqgZamzVnZqYcDzbnQHMzaeVuhQe10cGLKGCRLmKq3ZeZDmHzfSfqM_cocwyTDd7mrxmhliP-nUJ5qhMVFoY9hunYlhSDXyCUMFlnQijgftr_AzPCx1eRPzaLHX5yfo9miJwl-MT68Edx2F5CA", "client_info": "eyJ2ZXIiOiIxLjAiLCJzdWIiOiJBQUFBQUFBQUFBQUFBQUFBQUFBQUFCbEFoR04tNkNqbDE5N3luTWg0d3NzIiwibmFtZSI6IkFiZHVsIEtoYWRlciIsInByZWZlcnJlZF91c2VybmFtZSI6ImFiZHVsa2hhZGVyNDEyM0BvdXRsb29rLmNvbSIsIm9pZCI6IjAwMDAwMDAwLTAwMDAtMDAwMC1kOGRiLTM1MWQ3NTU1ZTUyOSIsInRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCIsImhvbWVfb2lkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLWQ4ZGItMzUxZDc1NTVlNTI5IiwidWlkIjoiMDAwMDAwMDAtMDAwMC0wMDAwLWQ4ZGItMzUxZDc1NTVlNTI5IiwidXRpZCI6IjkxODgwNDBkLTZjNjctNGM1Yi1iMTEyLTM2YTMwNGI2NmRhZCJ9" }
Sandeep G-MSFT 20,786 Reputation points Microsoft Employee

2024-02-13T16:11:21.4233333+00:00

@Mohamed Abdul Khader
Thank you for posting this in Microsoft Q&A. I am looking into this issue and will get back to you post my research.

Your answer

Mohamed Abdul Khader 0 Reputation points

2024-02-07T16:39:23.9933333+00:00

Payload
client_id:

dab75630-666d-42d2-9863-a430ad6a3178

scope: api://[node-application-Id]/TimeSheetTemplate.ReadWrite openid profile offline_access

grant_type:

refresh_token

client_info:

1

x-client-SKU:

msal.js.browser

x-client-VER:

3.7.1

x-ms-lib-capability:

retry-after, h429

x-client-current-telemetry:

5|61,0,,,|@azure/msal-angular,3.0.11

x-client-last-telemetry:

5|0|||0,0

client-request-id: [angular-application-Id]

refresh_token:

M.C105_BAY.-Cgu4NLSGJ8NnC8QMdz6Vv8ZHK0rLZZHkUQOvQJoeoYPxAxdIhn3oGpn6CNhwkTtFHI!7AXK0GabGzI7NmLXNUeL37zVwyWGUdQyAElqMK4nxSp8jVmr2ibLQUVHXdkDcrQJRYhCjSDE0QqpNhfJPmSUulFSMLG8FtaTKr5eEFFmPshJGLZI1wP7b78m0UMnzgA4o!89UhUnNiFuToC13ndifFa1z5n3XroZMXbinKIN!dv!uEKXWl6fDxTtgRKSeyG6wayLhcDOSMZP6YATq0StwiGVQCfitbsOKOd0ucYTNlBWiBTQaouk9fUQfITMwXh2h8qu8SRU7mRNo80oS8$

X-AnchorMailbox: Oid:00000000-0000-0000-d8db-351d7555e529@9188040d-6c67-4c5b-b112-36a304b66dad
Mohamed Abdul Khader 0 Reputation points

2024-02-07T16:39:55.4333333+00:00

response
Sandeep G-MSFT 20,786 Reputation points Microsoft Employee

2024-02-13T16:11:21.4233333+00:00

@Mohamed Abdul Khader
Thank you for posting this in Microsoft Q&A. I am looking into this issue and will get back to you post my research.

Share via

Azure AD v2 - roles not included in Access Token

Your answer