Role information of the logged in user #3564
Comments
@peterfeng-hub can you confirm that the signed-in user has been added to any roles? To make sure, you can follow the guide: Add app roles to your application and receive them in the token. For a code sample, see React SPA using App Roles.
Thanks @derisen for the instructions! I inadvertently added the app roles to the backend resource api, as opposed to the client app, which explained why I couldn't find the roles information. Also I found that the roles claim information exists in the
@peterfeng-hub no worries! Can you decode your access token over at jwt.ms? You should be seeing the roles claim in the decoded token.
Thanks for the quick turnaround, @derisen. Please see the decoded
@peterfeng-hub ah, my bad : ) The token you show is meant for MS Graph. You should check the token meant for your web API (
@peterfeng-hub just to make sure, you were on the right track here - roles should be added to both client and backend apps.
This is becoming interesting, @derisen. For the backend resource api, I have added a couple app roles to it and assigned those roles to the user that I use to sign in. The
However, if I do specify the
@peterfeng-hub that's expected. You are requesting an access token for your web api during login (based on the
Core Library
@azure/msal-browser
Core Library Version
2.13
Wrapper Library
Not Applicable
Wrapper Library Version
2
Description
How do I get the roles information of the logged in user, please?
The reason is that I'm using "roles" value of the logged in user to determine if the user is authorized to access the protected backend resource.
I was hoping to find the "roles" claim in the payload of the decoded access token, but it seems there is no such property there.
My backend resource's api is published in Azure API Management where a "validate-jwt" policy has been added to validate the access token in the request header to check if there is the correct roles claim value.
MSAL Configuration
Relevant Code Snippets
No response
Identity Provider
Azure AD / MSA
Source
External (Customer)
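The check this thread keeps coming back to (is the decoded token the one issued for the web API rather than MS Graph, and does it carry a `roles` claim?), as an added example that is not part of the original issue or of the MSAL project's code. The function names, the placeholder audience `api://00000000-...` and the role name used in testing are assumptions; the sample tokens are constructed and carry a dummy signature.

```javascript
// Added diagnostic example; not code from this issue or from MSAL.
// Decodes the payload WITHOUT verifying the signature (as jwt.ms does), so it
// is for inspection only; enforcement stays with the API's token validation.
const GRAPH_AUDIENCES = new Set([
  "00000003-0000-0000-c000-000000000000", // Microsoft Graph application ID
  "https://graph.microsoft.com",
]);

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// expectedAudience: the App ID URI or client ID of the web API (assumption:
// the caller knows which of the two its tokens carry in "aud").
function inspectAccessToken(token, expectedAudience) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return { ok: false, reason: "not a three-part JWT" };
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return { ok: false, reason: "payload is not base64url-encoded JSON" };
  }
  if (claims === null || typeof claims !== "object") {
    return { ok: false, reason: "payload is not a JSON object" };
  }
  const auds = [].concat(claims.aud ?? []);
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  if (auds.some((a) => GRAPH_AUDIENCES.has(a))) {
    return { ok: false, auds, roles, reason: "token was issued for Microsoft Graph" };
  }
  if (!auds.includes(expectedAudience)) {
    return { ok: false, auds, roles, reason: "audience is not the web API" };
  }
  if (roles.length === 0) {
    return { ok: false, auds, roles, reason: "no roles claim in this token" };
  }
  return { ok: true, auds, roles, reason: "roles claim present" };
}

// Constructed sample tokens: placeholder audience, role name and signature.
const API_AUDIENCE = "api://00000000-0000-0000-0000-000000000000";
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(payload), "c2lnbmF0dXJl"].join(".");
}
```

Running `inspectAccessToken` on the token returned for the web API's scope, rather than the one acquired for Graph, shows which audience the token was minted for before any time is spent debugging role assignments.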