How to add custom App Role to Claim and retrieve it from the token?

devapp 20 Reputation points
2024-03-19T00:16:56.6766667+00:00

i added a app role in my App Registration , but when user login to my web app , it doesn't have the Role in Claim

Any idea?

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,349 questions
{count} votes

Accepted answer
  1. Akhilesh 4,540 Reputation points Microsoft Vendor
    2024-03-20T12:33:37.44+00:00

    Hi @devapp

    Thank you for posting your query on Microsoft Q&A!

    To extract roles of user you need to have them configured as per: Add app roles to your application and receive them in the token and Assign users to an application.

    Ensure that application have Implicit and hybrid grants flow enabled:

    270492-image.png

    The following request get the authorization code by using your web browser. replaces the tenant_id, application ID,redirect uri and scope fields with your application details.

    https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
    client_id={Application ID}
    &response_type=code&id_token
    &redirect_uri={application redirect uri}
    &response_mode=query
    &scope=openid&https://graph.microsoft.com/mail.read
    &nonce=abcde
    

    Copy the above request and paste it in browser to get the authorization the code. To extract the code, copy the URL from browser and paste on notepad and remove the below highlighted part.
    User's image With above response code, you can get the "access_token" & "id_token" by using postman
    follow the below parameters
    User's image

    The id_token will contain the user app roles assigned to the guest user and endpoint with tenant id:

    Copy the id_token and use jwt.ms or jwt.io to decode the ID token and get the response of Custome roles which is shown in below.
    User's image

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Akhilesh.

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    1 person found this answer helpful.

0 additional answers

Sort by: Most helpful