
I have created an Azure Static Website and followed the instructions on how to add a basic Azure Authentication identity provider.

I have a custom auth section:


I have added groups to the ID Token:


I am struggling to work out how to tell the auth process to include the group details in the claims that are returned by making an HTTP request to /.auth/me following a successful authentication.

Steve Drake
  • You can remove the clientSecretSettingName as the identity is turned on. Azure Active Directory features versioned endpoints which affect how your registration is configured. If you are using AAD v1 (the issuer endpoint does not end with "/v2.0"), then you need to add the following userDetailsClaim entry to your configuration in the "azureActiveDirectory" object. – KarthikBhyresh-MT Aug 06 '21 at 10:39
  • Was my approach helpful? – KarthikBhyresh-MT Aug 10 '21 at 11:00
  • No, sorry... after posting this I found something in the MS docs saying it cannot be done and it's marked as a feature request. – Steve Drake Aug 11 '21 at 13:54
  • Can you share the doc? – KarthikBhyresh-MT Aug 12 '21 at 08:41
  • https://learn.microsoft.com/en-us/answers/questions/435090/how-to-access-user-user-claims-in-an-azure-static.html – Steve Drake Aug 13 '21 at 10:53
  • I will still try your suggestion, but generally with auth / JWT tokens you often want more things added to the claims. The auth process of SWA does not pass anything through to the token other than the necessary ones such as id and email/name. – Steve Drake Aug 13 '21 at 10:55
  • Agreed, adding the same below for other community members. Feel free to edit. – KarthikBhyresh-MT Aug 13 '21 at 11:39

1 Answer


Posting here as discussed in comments... Refer: Post (original)

We currently don't have a way for the customer to access the user's claims other than the necessary ones such as id and email/name, by adding the following userDetailsClaim entry to your configuration in the azureActiveDirectory object.

```json
"azureActiveDirectory": {
  "registration": { ... },
  "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
}
```

Further, please share your feedback here and upvote it for the product group to look into it. This is the best way to ensure you are heard, and you may receive a response depending on how much information they can currently share.

KarthikBhyresh-MT