I have an application in Vue.js that obtains user/bearer tokens using oidc-client, which gives information about the user groups in a particular Enterprise Application in Azure AD that the currently logged-in user is part of. We have used the following as the scope: `openid email profile api://${APP_CLIENT_ID}/user_access`, where APP_CLIENT_ID is the corresponding app registration application/client ID. Now we are trying to implement the same from a desktop client app using MSAL, but using the same scope with or without the "/.default" suffix produces errors. We have also tried using "api://Resource URI/.default", which gives the token but does not provide any info on the app user groups. What is the correct scope that needs to be used to get this info, or is there any other alternative?
Getting Azure AD Enterprise Application user group in jwt token using MSAL in C#
788 views Asked by user9057272 At
1
There are 1 answers
To fetch the Azure AD group the current logged in user is part of, check the below:
Assign `GroupMember.Read.All` API permission to the Azure AD Application.
Now, generate access token to call Graph API via Postman like below:
To get the Azure AD group the current logged in user is part of, use the below query:
To fetch the groups assigned to the Azure AD Application, check the below:
Add optional claim in the Azure AD Application:
Now, I generated tokens via Postman using below parameters:
When I decoded the token, the groups added to the Application are displayed like below:
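The token check described in the answer above, written as an added C# example (not part of the original answer or of MSAL). The token strings and GUIDs are constructed placeholders; in a desktop client the input would be `AuthenticationResult.AccessToken` from MSAL. The example also covers the case where Azure AD omits the inline `groups` array and emits a `_claim_names` overage marker instead, in which case the memberships have to be read from Graph.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

static class GroupClaimInspector
{
    // Base64url-decode the JWT payload (second segment). Inspection only: no signature
    // check is done here; the API that receives the token is what must validate it.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string s = parts[1].Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        string json = Encoding.UTF8.GetString(Convert.FromBase64String(s));
        using JsonDocument doc = JsonDocument.Parse(json);
        return doc.RootElement.Clone(); // Clone so the element outlives the document
    }

    // Returns the group object IDs from the "groups" claim. Sets overage=true (and returns
    // an empty list) when the token carries _claim_names.groups instead of the inline array.
    public static List<string> ReadGroups(string jwt, out bool overage)
    {
        JsonElement p = DecodePayload(jwt);
        overage = p.TryGetProperty("_claim_names", out JsonElement names)
                  && names.ValueKind == JsonValueKind.Object
                  && names.TryGetProperty("groups", out _);
        var ids = new List<string>();
        if (!overage && p.TryGetProperty("groups", out JsonElement g) && g.ValueKind == JsonValueKind.Array)
            foreach (JsonElement e in g.EnumerateArray()) ids.Add(e.GetString() ?? "");
        return ids;
    }

    static string B64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    static void Main()
    {
        // Constructed sample tokens (placeholder GUIDs, fake signature segment).
        string header = B64Url("{\"typ\":\"JWT\",\"alg\":\"RS256\"}");
        string inline = header + "." + B64Url("{\"aud\":\"api://00000000-0000-0000-0000-000000000000\",\"groups\":[\"11111111-1111-1111-1111-111111111111\"]}") + ".sig";
        string over = header + "." + B64Url("{\"_claim_names\":{\"groups\":\"src1\"},\"_claim_sources\":{\"src1\":{\"endpoint\":\"placeholder\"}}}") + ".sig";
        foreach (string t in new[] { inline, over })
        {
            List<string> ids = ReadGroups(t, out bool o);
            Console.WriteLine(o ? "overage: read memberships from Graph" : "groups: " + string.Join(",", ids));
        }
    }
}
```

An empty list with `overage == false` means the token has no `groups` claim at all, which points at the optional claim not being configured on the app registration that issued the token.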