
Azure AD and Blazor with Custom User Properties #1310


smutairi created
  • ABP Framework version: v4..3.0
  • UI type: Blazor
  • DB provider: EF Core
  • **Tiered (MVC)**: yes

I managed to integrate Azure AD with ABP and Blazor UI.

What I want is to get more properties from Azure AD like "Groups" and "Managed By" and get access to them in ABP "CurrentUser" shared property.

How do I do this task?


2 answer(s)
  • gterdem created
    Support Team Senior .NET Developer

    I guess it is an enterprise feature since I couldn't find any group management or related claim management in my personal Azure account. Since it is not related to ABP, you can find better answers by asking this question on Stack Overflow. It should help better with Azure Active Directory specific questions.

    But the logic should be adding the scope to the application in Azure Portal application management and requesting the scope here in the OpenID Connect configuration:

    .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] +
                            "/v2.0/";
        options.ClientId = configuration["AzureAd:ClientId"];
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.CallbackPath = configuration["AzureAd:CallbackPath"];
        options.ClientSecret = configuration["AzureAd:ClientSecret"];
        // Turns off the HTTPS requirement for the authority/metadata address;
        // the default is true and it should only be disabled in development.
        options.RequireHttpsMetadata = false;
        options.SaveTokens = false;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("email");
        options.Scope.Add(ClaimTypes.Groups); // Placeholder: whatever the claim is
    
        // Map the "sub" claim from the provider to the name identifier claim
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    
        options.Events.OnTokenValidated = async ctx =>
        {
            var claimsFromOidcProvider = ctx.Principal?.Claims.ToList();
            // check here for returned claims
            await Task.CompletedTask;
        };
    });
    

    Check the logs if you come across any error. Either the scope you requested in the OpenID configuration is invalid (invalid_scope), or the scope you requested is not allowed for the application (which you need to fix in the Azure portal).

    Check the "adding custom claims to current user" question about how to add the newly acquired claim.
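
The `OnTokenValidated` handler in the answer above stops at "check here for returned claims". As an added example (not part of the original answer and not ABP code), this is one way to read Azure AD group claims from the validated principal and to detect the group overage case, where the token carries a pointer instead of the group list. The class name `GroupClaimReader`, the default claim type `"groups"`, the object-ID filter and the sample values are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Claims;
using System.Text.Json;

// Added example; GroupClaimReader and its members are hypothetical names.
public static class GroupClaimReader
{
    // "groups" is the short JWT claim name; pass a different type if the
    // handler's inbound claim mapping renames it in your application.
    public static (string[] GroupIds, bool Overage) Read(ClaimsPrincipal principal, string groupClaimType = "groups")
    {
        if (principal is null) return (Array.Empty<string>(), false);

        // Assumption: the app registration emits group object IDs (GUIDs), so anything else is dropped.
        var ids = principal.FindAll(groupClaimType)
            .Select(c => c.Value)
            .Where(v => Guid.TryParse(v, out _))
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToArray();

        // Overage: too many groups to fit in the token, so "groups" is omitted and
        // "_claim_names" points elsewhere (implicit flow sets "hasgroups" instead).
        bool overage = principal.HasClaim(c => c.Type == "hasgroups" && c.Value.Equals("true", StringComparison.OrdinalIgnoreCase))
                       || principal.FindAll("_claim_names").Any(c => MentionsGroups(c.Value));
        return (ids, overage);
    }

    private static bool MentionsGroups(string json)
    {
        try
        {
            using var doc = JsonDocument.Parse(json);
            return doc.RootElement.ValueKind == JsonValueKind.Object
                   && doc.RootElement.TryGetProperty("groups", out _);
        }
        catch (JsonException) { return false; }
    }

    public static void Main()
    {
        // Constructed claims standing in for ctx.Principal in OnTokenValidated.
        ClaimsPrincipal Make(params Claim[] claims) => new ClaimsPrincipal(new ClaimsIdentity(claims, "AzureOpenId"));

        var normal = Read(Make(new Claim("groups", "11111111-1111-1111-1111-111111111111"),
                               new Claim("groups", "not-an-object-id")));
        var over = Read(Make(new Claim("_claim_names", "{\"groups\":\"src1\"}")));

        Console.WriteLine($"normal: {normal.GroupIds.Length} group(s), overage={normal.Overage}");
        Console.WriteLine($"overage: {over.GroupIds.Length} group(s), overage={over.Overage}");
    }
}
```

Inside the handler this would be called as `GroupClaimReader.Read(ctx.Principal)`. When `Overage` is true the empty list means "not in the token", not "no groups", so authorization code should not treat it as an empty membership.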

  • ServiceBot created
    Support Team Automatic process manager

    This question has been automatically marked as stale because it has not had recent activity.

Made with ❤️ on ABP v8.2.0-preview. Updated on March 25, 2024, 15:11