問題描述

我只是想知道是否可以通過 Azure 門戶向 Azure Ad OAuth2 JWT 令牌添加或指定自定義聲明?還是這只是可能的代碼方面?

I was just wondering if there is a way to add or specify custom claims to the Azure Ad OAuth2 JWT token via Azure Portal? Or is this only possible code side?

推薦答案

據我所知，Azure AD目前不支持發出自定義聲明.

As far as I know, the Azure AD doesn't support to issue the custom claim at present.

作為一種解決方法，我們可以使用 Azure AD Graph 添加 目錄架構擴展.之后，我們可以使用 Azure AD Graph 獲取數據擴展，并在驗證安全令牌時添加自定義聲明，如下代碼所示:

As a workaround, we can use the Azure AD Graph to add the directory schema extensions. After that, we can use the Azure AD Graph to get the data extension and add the custom claim when the security token is verified like code below:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = context => 
            {
                context.HandleResponse();
                context.Response.Redirect("/Error?message=" + context.Exception.Message);
                return Task.FromResult(0);
            }
            ,
            SecurityTokenValidated = context =>
            {
                //you can use the Azure AD Graph to read the custom data extension here and add it to the claims 
                context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("AddByMe", "test"));
                return Task.FromResult(0);
            }
    });

此外，如果您對 Azure 有任何想法或反饋，可以從 這里.

In addition if you have any idea or feedback about Azure, you can submit them from here.

這篇關于添加 Azure Ad Oauth2 JWT 令牌聲明的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！