Get-MgContext: include directory role values from wids claim? #1782

@jazuntee

Get-MgContext should include directory role ids from wids claim and resolve to role displayName if possible.

In the example below,

  • "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" equates to "Authentication Admin" role
  • "0997a1d0-0d1d-4acb-b408-d5ca73121e90" equates to default service principal permissions?
    {
      "aud": "https://graph.microsoft.com",
      "iss": "https://sts.windows.net/cc7d0b33-84c6-4368-a879-2e47139b7b1f/",
      "iat": 1675198725,
      "nbf": 1675198725,
      "exp": 1675202625,
      "aio": "E2YAgrYTLMzdKWLhDslMgbOV0wE=",
      "app_displayname": "PowerShell Client (Confidential)",
      "appid": "c3b902b3-0b1c-4338-8d49-b436597cbc52",
      "appidacr": "2",
      "idp": "https://sts.windows.net/cc7d0b33-84c6-4368-a879-2e47139b7b1f/",
      "idtyp": "app",
      "oid": "bdfa0a62-3d10-4d36-abad-3d432a3552a2",
      "rh": "0.ASgAMwt9zMaEaEOoeS5HE5t7HwMAAAAAAAAAwAAAAAAAAAAoAAA.",
      "sub": "bdfa0a62-3d10-4d36-abad-3d432a3552a2",
      "tenant_region_scope": "NA",
      "tid": "cc7d0b33-84c6-4368-a879-2e47139b7b1f",
      "uti": "k7opWtDqiEiZBfk_rzEFAA",
      "ver": "1.0",
      "wids": [
        "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",
        "0997a1d0-0d1d-4acb-b408-d5ca73121e90"
      ],
      "xms_tcdt": 1525889780
    }

"b79fbf4d-3ef9-4689-8143-76b194e85509" is default user permissions?
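
One way to surface the `wids` values requested above, as an added example that is not part of the original issue or of the SDK: it decodes the payload segment of an access token and resolves each id against a caller-supplied table. The names `Get-WidsFromToken`, `ConvertTo-Base64Url` and `-RoleNames` are hypothetical, the sample token is constructed and unsigned, and the payload is only decoded for display, not validated.

```powershell
# Added example, not SDK code. Function and parameter names are hypothetical.
function Get-WidsFromToken {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        [hashtable] $RoleNames = @{}   # role template id -> displayName
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected three dot-separated parts).' }

    # JWT segments are base64url without padding: restore the standard alphabet and padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url payload length.' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    $claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json

    # wids may be absent from a token; emit nothing in that case instead of failing.
    foreach ($id in @($claims.wids)) {
        if (-not $id) { continue }
        [pscustomobject]@{
            RoleTemplateId = $id
            DisplayName    = if ($RoleNames.ContainsKey($id)) { $RoleNames[$id] } else { '(unresolved)' }
        }
    }
}

# Constructed sample: an unsigned token built inline from two claims shown in the issue.
function ConvertTo-Base64Url([string] $Text) {
    $raw = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text))
    $raw.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{
    idtyp = 'app'
    wids  = @('9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3', '0997a1d0-0d1d-4acb-b408-d5ca73121e90')
} | ConvertTo-Json -Compress
$token = '{0}.{1}.{2}' -f (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload), 'sig'

# The label is the one the issue gives, not an authoritative list; a real table
# would be built from directory data such as Get-MgDirectoryRoleTemplate (Id, DisplayName).
$labels = @{ '9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3' = 'Authentication Admin' }
Get-WidsFromToken -AccessToken $token -RoleNames $labels
```

The second id has no entry in the table, so it is returned with `(unresolved)` rather than dropped.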
