有没有一种方法可以确定在MSAL.js中身份验证遵循的是MSA还是Azure AD [英] Is there a way to find whether authentication followed MSA or Azure AD in MSAL.js

问题描述

我尝试使用此处提供的代码: https ://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2

I tried using the code provided here: https://github.com/Azure-Samples/active-directory-javascript-singlepageapp-dotnet-webapi-v2

它适用于MSA和Azure AD身份验证.我需要知道输入的电子邮件地址是MSA还是Azure AD.有没有办法从响应中找出答案?

It works for both MSA and Azure AD authentication. I need to know whether the email address entered was MSA or Azure AD. Is there a way to find that out from the response?

推荐答案

在您返回的id_token中，有一个iss(颁发者)声明. 该声明包含用户的租户.

In the id_token you get back, there's a iss (issuer) claim. This claim contains the user's tenant.

如果用户使用了Microsoft帐户(MSA)，则其发行人的声明将包含以下MSA租户的GUID:9188040d-6c67-4c5b-b112-36a304b66dad

If the user used a Microsoft Account (MSA), their issuer claims will contain the following GUID for the MSA tenant: 9188040d-6c67-4c5b-b112-36a304b66dad

发行人的全部价值为:

https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0

任何其他GUID都表明用户使用Azure AD登录，并且GUID值将代表其Azure AD租户.

Any other GUID indicates that the user signed in using Azure AD and the GUID value will represent their Azure AD tenant.

有关更多信息，请查看

For more information check out the id_token section of the Token Reference documentation.

这篇关于有没有一种方法可以确定在MSAL.js中身份验证遵循的是MSA还是Azure AD的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！