问题描述

我只是想知道是否可以通过 Azure 门户向 Azure Ad OAuth2 JWT 令牌添加或指定自定义声明?还是这只是可能的代码方面?

I was just wondering if there is a way to add or specify custom claims to the Azure Ad OAuth2 JWT token via Azure Portal? Or is this only possible code side?

推荐答案

据我所知，Azure AD目前不支持发出自定义声明.

As far as I know, the Azure AD doesn't support to issue the custom claim at present.

作为一种解决方法，我们可以使用 Azure AD Graph 添加 目录架构扩展.之后，我们可以使用 Azure AD Graph 获取数据扩展，并在验证安全令牌时添加自定义声明，如下代码所示:

As a workaround, we can use the Azure AD Graph to add the directory schema extensions. After that, we can use the Azure AD Graph to get the data extension and add the custom claim when the security token is verified like code below:

app.UseOpenIdConnectAuthentication(
    new OpenIdConnectAuthenticationOptions
    {
        ClientId = clientId,
        Authority = authority,
        PostLogoutRedirectUri = postLogoutRedirectUri,
        Notifications = new OpenIdConnectAuthenticationNotifications
        {
            AuthenticationFailed = context => 
            {
                context.HandleResponse();
                context.Response.Redirect("/Error?message=" + context.Exception.Message);
                return Task.FromResult(0);
            }
            ,
            SecurityTokenValidated = context =>
            {
                //you can use the Azure AD Graph to read the custom data extension here and add it to the claims 
                context.AuthenticationTicket.Identity.AddClaim(new System.Security.Claims.Claim("AddByMe", "test"));
                return Task.FromResult(0);
            }
    });

此外，如果您对 Azure 有任何想法或反馈，可以从 这里.

In addition if you have any idea or feedback about Azure, you can submit them from here.

这篇关于添加 Azure Ad Oauth2 JWT 令牌声明的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持跟版网！