msal.js访问令牌中的自定义声明 [英] Custom claims in msal.js access token
问题描述
acquireTokenSilent() msal.js 方法中,JWT令牌不包含自定义声明(合同,fileUploadAllowed).
{ "iss":"https://login.microsoftonline.com/guid/v2.0/", "exp":1548416392, "nbf":1548455092, "aud":"c152h904-835a-496f-8919-e74f5013374c", "contract":"Contract03", "fileUploadAllowed":false, 子":"25a6ec11-16fd-477a-8917-e0728c69e1db", "nonce":"defaultNonce", "scp":"portal.read user_impersonation", "azp":"c154c904-835a-496f-8919-e74f5087384c", "ver":"1.0", "iat":1542213053 }
由msal.js生成的JWT令牌(access_token)的有效负载:
{ "iss":"https://login.microsoftonline.com/guid/v2.0/", "exp":1548416396, "nbf":1548455092, "aud":"c152h904-835a-496f-8919-e74f5013374c", 子":"25a6ec11-16fd-477a-8917-e0728c69e1db", "nonce":"e6df86c9-7c19-4cb5-a4ac-1aa2a89b1951", "scp":"portal.read user_impersonation", "azp":"c154c904-835a-496f-8919-e74f5087384c", "ver":"1.0", "iat":1542213953 }
谢谢.
MSAL不包括在B2C策略中添加的声明,因为这些值并不总是存在于所有id_tokens中. /p>
I have secured my Angular 7 application by using msal.js. I've created a custom policy that returns custom claimtypes in the id_token and in the access_token. To achieve this, I've been following this tutorial: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw.
When I use the acquireTokenSilent()
msal.js
method, the JWT token does not contain the custom claims (contract, fileUploadAllowed).
When I use the "Run Now" button on the Custom Policy pane in Azure, I do receive an access_token that has the custom claims.
The payload of the JWT token thats is generated by running the policy in Azure (Changed some of the values):
{ "iss": "https://login.microsoftonline.com/guid/v2.0/", "exp": 1548416392, "nbf": 1548455092, "aud": "c152h904-835a-496f-8919-e74f5013374c", "contract": "Contract03", "fileUploadAllowed": false, "sub": "25a6ec11-16fd-477a-8917-e0728c69e1db", "nonce": "defaultNonce", "scp": "portal.read user_impersonation", "azp": "c154c904-835a-496f-8919-e74f5087384c", "ver": "1.0", "iat": 1542213053 }
The payload of the JWT token (access_token) that is generated by msal.js:
{ "iss": "https://login.microsoftonline.com/guid/v2.0/", "exp": 1548416396, "nbf": 1548455092, "aud": "c152h904-835a-496f-8919-e74f5013374c", "sub": "25a6ec11-16fd-477a-8917-e0728c69e1db", "nonce": "e6df86c9-7c19-4cb5-a4ac-1aa2a89b1951", "scp": "portal.read user_impersonation", "azp": "c154c904-835a-496f-8919-e74f5087384c", "ver": "1.0", "iat": 1542213953 }
I want to receive the custom claims in the access_token that is generated by msal.js. Does anyone know what I should do in order to make this work?
Thank you.
MSAL does not include claims added in a B2C policy because these values won't always exist for claims in all id_tokens.
这篇关于msal.js访问令牌中的自定义声明的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!