如何从Azule AD MSAL accessToken检索用户角色? [英] How to retrieve user roles from Azule AD MSAL accessToken?

问题描述

我在Azure门户中创建了两个应用程序:一个是客户端应用程序，另一个是Web API.我在SPA中获取accessToken，然后使用此令牌向Web API发出请求.我为Web api应用创建了角色，然后将这些角色之一分配给自己.

I created two applications in Azure portal: one is client app, and another one is web api. I'm getting accessToken in SPA and then using this token to make requests to web api. I created roles for web api app and then assigned one of these roles to myself.

内部Web api中，我可以使用装饰器来验证每个端点的用户角色 [Authorize(Roles ="Reader，Editor，Admin")] ，但是我还需要在客户端中访问这些角色应用.我使用jwt.ms检查了该accessToken，并且在解析后它具有"roles":["Admin"] .但是如何使用JS在客户端应用程序中获得这些角色?

Inside web api I can verify user roles for every endpoint using decorators [Authorize(Roles = "Reader, Editor, Admin")], but I also need access to these roles in my client application. I checked this accessToken using jwt.ms and it has "roles": ["Admin"] after parsing. But how can I get these roles in client application using JS?

推荐答案

如果您只想从accessToken有效内容中提取版权声明，请尝试以下代码:

If you just want to extract Claims from accessToken payload, just try the code below:

<html>
                <body>
                                <div id="payload"></div>
                  
                </body>
                <script src="https://cdn.jsdelivr.net/npm/js-base64@3.2.4/base64.min.js" ></script>
                <script>
                var token= "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IkRJakFBSUpjNmZnMlkzd0dObkpRSEpXWjhXX1FGOG5Zd2lfVTFfOVhMejgifQ.eyJleHAiOjE1OTU1MTczNjMsIm5iZiI6MTU5NTUxMzc2MywidmVyIjoiMS4wIiwiaXNzIjoiaHR0cHM6Ly9zdGFudGVzdGIzYy5iMmNsb2dpbi5jb20vN2QzZDE4MjQtYTkyOC00ZWQ5LThlZDUtYjA0OTI5NTM4NTljL3YyLjAvIiwic3ViIjoiOGJiZDY3NDYtMDJjNy00MWE2LTk3Y2EtYzc0NWM4ZDI3YTIzIiwiYXVkIjoiNGVjZDM2MTYtM2IwNy00NjFiLTgzYjUtYmZhM2ZhZjAxYmY0IiwiYWNyIjoiYjJjXzFhX3NpZ251cF9zaWduaW4iLCJub25jZSI6ImRlZmF1bHROb25jZSIsImlhdCI6MTU5NTUxMzc2MywiYXV0aF90aW1lIjoxNTk1NTEzNzYzLCJvaWQiOiI4YmJkNjc0Ni0wMmM3LTQxYTYtOTdjYS1jNzQ1YzhkMjdhMjMiLCJuYW1lIjoic3RhbmxleSIsImdpdmVuX25hbWUiOiJnIiwiZmFtaWx5X25hbWUiOiJzdGFuIiwiZXh0ZW5zaW9uX3RuY2FjY2VwdGVkZGF0ZXRpbWUiOjE1ODk1NDk4NTUsImFjY291bnRFbmFibGVkIjp0cnVlLCJ0aWQiOiI3ZDNkMTgyNC1hOTI4LTRlZDktOGVkNS1iMDQ5Mjk1Mzg1OWMifQ.Fa5EX4b3Px5Xan_qs1a8I6DC8lLxu78AhyQu9-yqE68TCSrNt7QrAWbUPvFPC8TFErDb84FUPDvtLkVS7Q4mEM9dbAGRtxXoSkZa85TPLj6PxYmE61pONwwf971UZiFjLKjkhqVsbpC1Zbgvx5Z_vfFBlrlbxohzZHQuvBI6rqhLeZebvr9bitsIHgFvHJIh-6QgstII8ExQbXqLHzOB0E9e1nT4O7SaW4hnxEr-nKsnpsEbYZ-6LsIcR4svVyEsTp9_YoslU2hAHN0tLuJL-AR74wqUFjO79pUa3fCjiur207cEcvkthbahzeqVY-gqJGIGndZmxo3a3Rf0QEbWlg"
                
                 var token_parts = token.split(".")
                var token_payload = JSON.parse(Base64.decode(token_parts[1]));
                
                 document.getElementById("payload").innerHTML = Base64.decode(token_parts[1]) + "</br> </br> name claim:" + token_payload.name;
                </script>

</html>

基本上，令牌由3个部分组成，以"分隔.，并且有效载荷存储在第二部分中，您只需对Base64进行解码即可获取其内容

Basically,a token is composed by 3 parts, separated by "." ,and the payload is stored in the second part, you can just Base64 decode it to get its content

这篇关于如何从Azule AD MSAL accessToken检索用户角色?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！