Hi @devapp
Thank you for posting your query on Microsoft Q&A!
To extract roles of user you need to have them configured as per: Add app roles to your application and receive them in the token and Assign users to an application.
Ensure that application have Implicit and hybrid grants flow enabled:
The following request get the authorization code by using your web browser. replaces the tenant_id
, application ID
,redirect uri
and scope
fields with your application details.
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
client_id={Application ID}
&response_type=code&id_token
&redirect_uri={application redirect uri}
&response_mode=query
&scope=openid&https://graph.microsoft.com/mail.read
&nonce=abcde
Copy the above request and paste it in browser to get the authorization the code. To extract the code, copy the URL from browser and paste on notepad and remove the below highlighted part.
With above response code, you can get the "access_token" & "id_token" by using postman
follow the below parameters
The id_token
will contain the user app roles assigned to the guest user and endpoint with tenant id:
Copy the id_token
and use jwt.ms or jwt.io to decode the ID token and get the response of Custome roles which is shown in below.
Hope this helps. Do let us know if you any further queries.
Thanks,
Akhilesh.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.