I have an application in Vue.js that obtains user/bearer tokens using oidc-client that gives information about the user groups in a particular Enterprise Application in Azure AD, the current logged in user is part of. We have used the following as the scope: `openid email profile api://${APP_CLIENT_ID}/user_access`, where APP_CLIENT_ID is the corresponding app registration application/client id. Now we are trying to implement the same from a desktop client app using MSAL, but using the same scope with or without the "/.default" suffix gives errors. Also, we have tried using "api://Resource URI/.default", which gives the token but does not provide any info on app user groups. What should be the correct scope that needs to be used to get the info, or is there any other alternative to this?
Getting Azure AD Enterprise Application user group in jwt token using MSAL in C#
786 Views Asked by user9057272 At
There is 1 best solution below
To fetch the Azure AD group the current logged in user is part of, check the below:
Assign `GroupMember.Read.All` API permission to the Azure AD Application.
Now, generate access token to call Graph API via Postman like below:
To get the Azure AD group the current logged in user is part of, use the below query:
To fetch the groups assigned to the Azure AD Application, check the below:
Add optional claim in the Azure AD Application:
Now, I generated tokens via Postman using below parameters:
When I decoded the token, the groups added to the Application are displayed like below:
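One way to check a decoded token for the group claims described above, written as an added example that is not part of the original answer. It goes one step further than the answer and also recognises the overage case, where Azure AD replaces the `groups` array with `_claim_names`/`_claim_sources` pointers; the class and method names are hypothetical and the sample tokens are constructed.

```csharp
// Added example: names are hypothetical, sample tokens are constructed and unsigned.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;
static class GroupClaimInspector
{
    // Inspection only: no signature check. The receiving API must validate the token.
    static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("not a compact JWT");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        return doc.RootElement.Clone();
    }

    // Returns group object IDs, or an empty list plus the reason they are absent.
    public static (List<string> Groups, string Note) ReadGroups(string jwt)
    {
        JsonElement p = DecodePayload(jwt);
        if (p.TryGetProperty("groups", out JsonElement g) && g.ValueKind == JsonValueKind.Array)
            return (g.EnumerateArray().Select(e => e.GetString() ?? "").ToList(), "groups claim present");
        // Overage: memberships did not fit, so the token points at Graph instead.
        if (p.TryGetProperty("_claim_names", out JsonElement n)
            && n.ValueKind == JsonValueKind.Object && n.TryGetProperty("groups", out _))
            return (new List<string>(), "group overage, query Microsoft Graph");
        return (new List<string>(), "no groups claim, check optional claims");
    }

    static string B64Url(string s) => Convert.ToBase64String(Encoding.UTF8.GetBytes(s))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');
    static string MakeSampleJwt(string payload) =>
        B64Url("{\"alg\":\"none\"}") + "." + B64Url(payload) + ".sig";
    static void Main()
    {
        string[] samples = {
            "{\"groups\":[\"11111111-1111-1111-1111-111111111111\"]}",
            "{\"_claim_names\":{\"groups\":\"src1\"},\"_claim_sources\":{\"src1\":{\"endpoint\":\"https://example.invalid/\"}}}",
            "{\"scp\":\"user_access\"}"
        };
        foreach (string s in samples)
        {
            var (groups, note) = ReadGroups(MakeSampleJwt(s));
            Console.WriteLine($"{note}: [{string.Join(", ", groups)}]");
        }
    }
}
```

In a desktop client, the string passed to `ReadGroups` would be the token returned by the MSAL call.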