How to get user role claims in postman from Azure active directory?


Problem description


I have a few users added to my Azure AD account. I would like to get the roles and user information on these users by calling an Azure API from Postman in the form of claims. I tried calling the following URL with the parameters as:

https://login.microsoftonline.com/myTenantId/oauth2/token

Body: grant_type : password, client_id : client id, client secret : client secret

I receive the access_token in the encoded format in the response. When I decode it on https://jwt.io/ I see the decoded data, but there are no user roles in the access_token.

I would like to get the user information and the roles in the form of claims in same response.

What approach would I need to take on this?

Solution

If the role you mentioned refers to directory role, the answer is no, it won't be returned in the token. Just like juunas said, you can call Graph API to get directory role information.

If the role you mentioned refers to application role, the answer is yes, you can get the role information in id_token. The prerequisite is that you have assigned some roles to the user.

Here are the detailed steps. You can also refer to this article.

1. Edit the manifest to add some custom roles.

Something like this:

    {
      "allowedMemberTypes": [
        "User"
      ],
      "displayName": "Test",
      "id": "c200e304-fff3-49f1-a4df-e406741ea680",
      "isEnabled": true,
      "description": "Bla bla",
      "value": "test"
    }

2. Assign users to roles. Click Enterprise applications -> All applications -> click your application -> click Users and groups -> click Add user.

role assign.

Here is the request to get id_token.

You will find the roles in id_token.
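
The following Node.js code is an added example, not part of the original answer. It decodes an id_token's payload and reads the `roles` claim, which carries the `value` of each app role assigned to the user; the token contents and helper names are constructed for illustration, and decoding alone does not verify the signature.

```javascript
// Added example: inspect the claims of an Azure AD id_token (no signature check).
// Decoding only shows what the token claims, as jwt.io does; an API must still
// validate the signature, issuer and audience before trusting `roles`.

function b64urlDecode(segment) {
  // JWT segments are base64url without padding; restore the standard alphabet.
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, "base64").toString("utf8");
}

function b64urlEncode(text) {
  return Buffer.from(text, "utf8").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

function decodeClaims(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) {
    throw new Error("not a compact JWT: expected header.payload.signature");
  }
  return JSON.parse(b64urlDecode(parts[1]));
}

// Returns the app roles carried in the token, or [] when the claim is absent
// (for example, the user has no role assignment on this application).
function readRoles(token) {
  const roles = decodeClaims(token).roles;
  if (roles === undefined) return [];
  return Array.isArray(roles) ? roles : [roles];
}

// Constructed sample tokens (placeholder claim values, fake signature).
function sampleToken(claims) {
  const header = { typ: "JWT", alg: "RS256" };
  return [b64urlEncode(JSON.stringify(header)),
          b64urlEncode(JSON.stringify(claims)),
          "constructed-signature"].join(".");
}

const withRole = sampleToken({ aud: "client-id-placeholder", name: "Sample User", roles: ["test"] });
const withoutRole = sampleToken({ aud: "client-id-placeholder", name: "Sample User" });

console.log(readRoles(withRole));
console.log(readRoles(withoutRole));
```

An empty result for a real token usually means the user has no role assignment on the application the token was issued for.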
