I have an application in Vue.js that obtains user/bearer tokens using oidc-client, which gives information about the user groups in a particular Enterprise Application in Azure AD that the currently logged-in user is part of. We have used the following as the scope: `openid email profile api://${APP_CLIENT_ID}/user_access`, where APP_CLIENT_ID is the corresponding app registration application/client ID. Now we are trying to implement the same from a desktop client app using MSAL, but using the same scope with or without the "/.default" suffix gives errors. We have also tried using "api://Resource URI/.default", which gives the token but does not provide any info on app user groups. What is the correct scope to use to get this info, or is there any alternative?
Getting Azure AD Enterprise Application user group in jwt token using MSAL in C#
788 views, asked by user9057272

1 answer
To fetch the Azure AD group the current logged in user is part of, check the below:
Assign `GroupMember.Read.All` API permission to the Azure AD Application.

Now, generate access token to call Graph API via Postman like below:
To get the Azure AD group the current logged in user is part of, use the below query:
To fetch the groups assigned to the Azure AD Application, check the below:
Add optional claim in the Azure AD Application:
Now, I generated tokens via Postman using below parameters:
When I decoded the token, the groups added to the Application are displayed like below:
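The following is an added example, not code from the answer above. It reads the `groups` claim from a decoded token payload in C# and goes one step beyond the answer by separating "no groups claim emitted" (the symptom in the question) from a group overage, where Azure AD sends `hasgroups` or a `_claim_names` pointer instead of the list and the groups have to be looked up in Microsoft Graph. The class name, helper names and sample payloads are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
static class GroupClaimInspector
{
    // Decodes the JWT payload for inspection only; no signature validation happens here.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone();
    }

    // Overage is true when the token carries a flag or pointer instead of the group list.
    public static (List<string> Groups, bool Overage) ReadGroups(string jwt)
    {
        JsonElement p = DecodePayload(jwt);
        if (p.TryGetProperty("groups", out JsonElement g) && g.ValueKind == JsonValueKind.Array)
            return (g.EnumerateArray().Select(e => e.GetString() ?? "").ToList(), false);
        bool overage = p.TryGetProperty("hasgroups", out _)
            || (p.TryGetProperty("_claim_names", out JsonElement names)
                && names.ValueKind == JsonValueKind.Object && names.TryGetProperty("groups", out _));
        return (new List<string>(), overage);
    }

    // Wraps a constructed payload in an unsigned token shape, for this demo only.
    static string FakeJwt(string payloadJson) => "e30." + Convert.ToBase64String(
        Encoding.UTF8.GetBytes(payloadJson)).TrimEnd('=').Replace('+', '-').Replace('/', '_') + ".sig";
    static void Main()
    {
        string[] samples = // constructed payloads, not real tokens
        {
            "{\"groups\":[\"00000000-0000-0000-0000-000000000001\"]}",
            "{\"_claim_names\":{\"groups\":\"src1\"}}",
            "{\"name\":\"Constructed User\"}",
        };
        foreach (string s in samples)
        {
            var (groups, overage) = ReadGroups(FakeJwt(s));
            Console.WriteLine(overage ? "overage: look the groups up in Microsoft Graph"
                : groups.Count + " group(s) in token: " + string.Join(", ", groups));
        }
    }
}
```

In the desktop client, the string passed to `ReadGroups` would be the token returned by MSAL; the API that consumes the token still has to validate its signature, issuer and audience before trusting any group value.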