Azure 广告组成员资格声明 [英] Azure ad group membership claims

问题描述

我已将 Azure AD 中应用清单中的 groupMembershipClaims 属性设置为全部"，这将导致用户的安全组成员身份在 id 令牌中返回.

I've set the groupMembershipClaims property in an app's manifest in Azure AD to "All", which should result in a user's security group memberships to be returned in the id token.

但是，它们不会被退回.多次尝试重新登录.是不是我做错了什么?

However, they are not being returned. Have tried to re-login multiple times. Is there something I am doing obviously wrong?

推荐答案

抱歉在这里浪费了大家的时间.我正在为朋友问这个问题，结果他们正在查看访问令牌，不是 id 令牌.

Sorry for wasting people's time here. I was asking this question for a friend, and turns out they were looking at the access token, not the id token.

因此，作为未来参考，请确保您从 AAD 请求 id 令牌，并使用它来确定群组成员资格等信息.

So as future reference, make sure you are requesting an id token from AAD, and use that to figure out things like group memberships.

这篇关于Azure 广告组成员资格声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！