msal.js访问令牌中的自定义声明 [英] Custom claims in msal.js access token

问题描述

acquireTokenSilent()  msal.js 方法中，JWT令牌不包含自定义声明(合同，fileUploadAllowed).

{ "iss":"https://login.microsoftonline.com/guid/v2.0/"， "exp":1548416392， "nbf":1548455092， "aud":"c152h904-835a-496f-8919-e74f5013374c"， "contract":"Contract03"， "fileUploadAllowed":false， 子":"25a6ec11-16fd-477a-8917-e0728c69e1db"， "nonce":"defaultNonce"， "scp":"portal.read user_impersonation"， "azp":"c154c904-835a-496f-8919-e74f5087384c"， "ver":"1.0"， "iat":1542213053 }

由msal.js生成的JWT令牌(access_token)的有效负载:

 {
  "iss":"https://login.microsoftonline.com/guid/v2.0/"，
  "exp":1548416396，
  "nbf":1548455092，
  "aud":"c152h904-835a-496f-8919-e74f5013374c"，
  子":"25a6ec11-16fd-477a-8917-e0728c69e1db"，
  "nonce":"e6df86c9-7c19-4cb5-a4ac-1aa2a89b1951"，
  "scp":"portal.read user_impersonation"，
  "azp":"c154c904-835a-496f-8919-e74f5087384c"，
  "ver":"1.0"，
  "iat":1542213953
} 

谢谢.

解决方案

MSAL不包括在B2C策略中添加的声明，因为这些值并不总是存在于所有id_tokens中. /p>

I have secured my Angular 7 application by using msal.js. I've created a custom policy that returns custom claimtypes in the id_token and in the access_token. To achieve this, I've been following this tutorial: https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-custom-rest-api-netfw. When I use the acquireTokenSilent() msal.js method, the JWT token does not contain the custom claims (contract, fileUploadAllowed).

When I use the "Run Now" button on the Custom Policy pane in Azure, I do receive an access_token that has the custom claims.

The payload of the JWT token thats is generated by running the policy in Azure (Changed some of the values):

{
  "iss": "https://login.microsoftonline.com/guid/v2.0/",
  "exp": 1548416392,
  "nbf": 1548455092,
  "aud": "c152h904-835a-496f-8919-e74f5013374c",
  "contract": "Contract03",
  "fileUploadAllowed": false,
  "sub": "25a6ec11-16fd-477a-8917-e0728c69e1db",
  "nonce": "defaultNonce",
  "scp": "portal.read user_impersonation",
  "azp": "c154c904-835a-496f-8919-e74f5087384c",
  "ver": "1.0",
  "iat": 1542213053
}

The payload of the JWT token (access_token) that is generated by msal.js:

{
  "iss": "https://login.microsoftonline.com/guid/v2.0/",
  "exp": 1548416396,
  "nbf": 1548455092,
  "aud": "c152h904-835a-496f-8919-e74f5013374c",
  "sub": "25a6ec11-16fd-477a-8917-e0728c69e1db",
  "nonce": "e6df86c9-7c19-4cb5-a4ac-1aa2a89b1951",
  "scp": "portal.read user_impersonation",
  "azp": "c154c904-835a-496f-8919-e74f5087384c",
  "ver": "1.0",
  "iat": 1542213953
}

I want to receive the custom claims in the access_token that is generated by msal.js. Does anyone know what I should do in order to make this work?

Thank you.

解决方案

MSAL does not include claims added in a B2C policy because these values won't always exist for claims in all id_tokens. 

这篇关于msal.js访问令牌中的自定义声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！