Missing UPN in claim using v2.0 endpoint


Problem description

I have set up a project like the following example from Microsoft where I have a native application requesting access to a web api using the v2.0 endpoint: https://github.com/azureadquickstarts/appmodelv2-nativeclient-dotnet

I have managed to sign in successfully to AAD by using an account registered in that AAD and not a Microsoft account. I do receive a claim; however, the claim contains neither a upn nor an email. I am using jwt.ms to analyse the claim and this is the info I am receiving from the claim:

{
   "typ": "JWT",
   "alg": "RS256",
   "kid": "1LTMzakihiRla_8z2BEJVXeWMqo"
}.{
   "aud": "Client ID/ App ID",
   "iss": "https://login.microsoftonline.com/tenantid/v2.0",
   "iat": 1534758037,
   "nbf": 1534758037,
   "exp": 1534761937,
   "aio": "ATQAy/8IAAAA+PZj+5vnrUwDfqTTKNBDcy0Tl7rOztkxzrb9YWXHVlevKwrlsGBP/gYAvL4bwr2G",
   "azp": "Client ID/ App ID",
   "azpacr": "0",
   "e_exp": 262800,
   "name": "xxx yyy",
   "oid": "9cc37e1d-0490-4cf4-9bb8-c872899dee91",
   "preferred_username": "test@tenantname.onmicrosoft.com",
   "scp": "access_as_user",
   "sub": "2l0nasrd8QbBpiEu1RGLFCavj3SzTzizIgmKAiMbdU0",
   "tid": "tenantid",
   "uti": "HG2cIi_MGUyBxBl6MzFPAA",
   "ver": "2.0"
}.[Signature]

I can't figure out why I am not getting the UPN in the claim. I would really appreciate any help!

Recommended answer

You need to make a request explicitly for UPN and Email. In the v1.0 endpoint they are returned by default, but because v2.0 wanted smaller tokens, they have made it optional. Go through the following links and hopefully your problem will be solved.

Why you have to request UPN and email claims: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

How to add optional claims in the application manifest: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest
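
The manifest change the answer points to, as an added example that is not part of the original answer or of Microsoft's sample. It assumes the `optionalClaims` manifest attribute described in the linked docs; the function names and the sample manifest are constructed for illustration, and the payload is the one from the question, trimmed.

```python
import copy

TOKEN_TYPES = ("idToken", "accessToken", "saml2Token")

def add_optional_claims(manifest, token_type, names):
    """Return a copy of an app manifest that requests `names` as optional
    claims for `token_type`, leaving entries that already exist untouched."""
    if token_type not in TOKEN_TYPES:
        raise ValueError(f"unknown token type: {token_type}")
    out = copy.deepcopy(manifest)
    # "optionalClaims" is null in a manifest that has never requested any.
    section = out.get("optionalClaims") or {}
    out["optionalClaims"] = section
    claims = section.get(token_type) or []
    section[token_type] = claims
    present = {c["name"] for c in claims}
    for name in names:
        if name not in present:
            claims.append({"name": name, "source": None,
                           "essential": False, "additionalProperties": []})
            present.add(name)
    return out

def missing_claims(payload, wanted=("upn", "email")):
    """List the wanted claims that are absent from a decoded token payload."""
    return [c for c in wanted if c not in payload]

# Constructed manifest fragment (placeholder appId, no optional claims yet).
SAMPLE_MANIFEST = {"appId": "00000000-0000-0000-0000-000000000000",
                   "optionalClaims": None}

# Payload from the question, trimmed to the identity-related claims.
QUESTION_PAYLOAD = {
    "name": "xxx yyy",
    "oid": "9cc37e1d-0490-4cf4-9bb8-c872899dee91",
    "preferred_username": "test@tenantname.onmicrosoft.com",
    "scp": "access_as_user",
    "tid": "tenantid",
    "ver": "2.0",
}

if __name__ == "__main__":
    import json
    print("missing before:", missing_claims(QUESTION_PAYLOAD))
    patched = add_optional_claims(SAMPLE_MANIFEST, "accessToken", ["upn", "email"])
    print(json.dumps(patched["optionalClaims"], indent=2))
```

`upn` and `email` are not durable identifiers, so an API that receives them should still key authorization on `oid` and `tid` from the token.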