添加Azure Ad Oauth2 JWT令牌声明 [英] Adding Azure Ad Oauth2 JWT Token Claims

问题描述

我只是想知道是否可以通过Azure门户向Azure Ad OAuth2 JWT令牌添加或指定自定义声明? 还是这仅是可能的代码方面?

I was just wondering if there is a way to add or specify custom claims to the Azure Ad OAuth2 JWT token via Azure Portal? Or is this only possible code side?

推荐答案

据我所知，Azure AD当前不支持发出自定义声明.

As far as I know, the Azure AD doesn't support to issue the custom claim at present.

作为一种解决方法，我们可以使用Azure AD图添加

As a workaround, we can use the Azure AD Graph to add the directory schema extensions. After that, we can use the Azure AD Graph to get the data extension and add the custom claim when the security token is verified like code below:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = context => 
            {
                context.HandleResponse();
                context.Response.Redirect("/Error?message=" + context.Exception.Message);
                return Task.FromResult(0);
            }
            ,
            SecurityTokenValidated = context =>
            {
                //you can use the Azure AD Graph to read the custom data extension here and add it to the claims 
                context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("AddByMe", "test"));
                return Task.FromResult(0);
            }
    });

此外，如果您对Azure有任何想法或反馈，可以从这里.

In addition if you have any idea or feedback about Azure, you can submit them from here.

这篇关于添加Azure Ad Oauth2 JWT令牌声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！