Channel: Azure Active Directory forum
Return JWT with "appRoles"

Hello, I am working on a Server to Server – Client Credentials Grant, a scenario in which the unattended client application needs to be issued a token for the specified resource. I have specified appRoles in my application manifest in Azure.


...,  "appRoles": [
    {
      "allowedMemberTypes": [
        "Application"
      ],
      "description": "...",
      "displayName": "PCN",
      "id": "9bb196cc-...-3680b9906f3f",
      "isEnabled": true,
      "origin": "Application",
      "value": "..."
    },
    {
      "allowedMemberTypes": [
        "Application"
      ],
      "description": "...",
      "displayName": "PUN",
      "id": "585bfe19-89...-8ac2-65b0abfaad4f",
      "isEnabled": true,
      "origin": "Application",
      "value": ".."
    }
   ],...

However, the returned JWT does not contain appRoles in the payload:

{
  "aud": "http://...onmicrosoft.com/...",
  "iss": "https://...windows.net/.../",
  "iat": 1434743085,
  "nbf": 1434743085,
  "exp": 1434746985,
  "ver": "1.0",
  "tid": "190f4bb...9c19923917",
  "oid": "4911016...e-a571e079d8b2",
  "sub": "491101...0e-a571e079d8b2",
  "idp": "https://sts.windows.net/.../",
  "appid": "817ceb3...-b698-88bfb180e087",
  "appidacr": "1"
}

Am I missing something in app configuration in Azure, or in how I am requesting the token?

        AuthenticationResult ar;
        ClientCredential clientCredential = new ClientCredential(clientId, clientSecret);

        try
        {
          ar = authContext.AcquireToken(resourceUri, clientCredential);
        }
        catch (Exception e)
        {
          ...
        }

        JObject payload = new JObject();
        payload["access_token"] = ar.AccessToken;
...

The two added roles appear for configuration in Azure, and I have assigned them to the Application:

Perhaps, I need a different approach for application-specific roles or permissions, which I figure need to be properly entered into the manifest.

Thank you



Tom Schulte / Plex Systems
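
Added example, not part of the original post or of any Azure AD library: a C# diagnostic that decodes an access token's payload and reports which expected app role values are missing from the `roles` claim, which is where Azure AD emits application roles granted to a client. The role values and both tokens are constructed placeholders, and the code does not validate the signature, so it is for inspection only.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Text.Json;

public static class AppRoleCheck
{
    // Decode the payload (second) segment of a compact JWT. No signature check:
    // use this to inspect a token, never to authorize a request.
    public static JsonDocument DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("expected header.payload.signature");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        return JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
    }

    // Expected role values that are absent from the token's "roles" claim.
    public static List<string> MissingRoles(string jwt, IEnumerable<string> expected)
    {
        using JsonDocument doc = DecodePayload(jwt);
        var granted = new HashSet<string>(StringComparer.Ordinal);
        if (doc.RootElement.TryGetProperty("roles", out JsonElement roles)
            && roles.ValueKind == JsonValueKind.Array)
        {
            foreach (JsonElement r in roles.EnumerateArray())
                if (r.ValueKind == JsonValueKind.String) granted.Add(r.GetString() ?? "");
        }
        return expected.Where(e => !granted.Contains(e)).ToList();
    }

    // Helper for building the constructed sample tokens below.
    static string Seg(string json) => Convert.ToBase64String(Encoding.UTF8.GetBytes(json))
        .TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed samples: placeholder claims and a dummy signature segment.
        string[] expected = { "Role.A.Placeholder", "Role.B.Placeholder" };
        string header = Seg("{\"alg\":\"RS256\",\"typ\":\"JWT\"}");
        string noRoles = header + "." + Seg("{\"appid\":\"client-placeholder\",\"appidacr\":\"1\"}") + ".sig";
        string oneRole = header + "." + Seg("{\"appid\":\"client-placeholder\",\"roles\":[\"Role.A.Placeholder\"]}") + ".sig";

        Console.WriteLine("no roles claim -> missing: " + string.Join(", ", MissingRoles(noRoles, expected)));
        Console.WriteLine("one role       -> missing: " + string.Join(", ", MissingRoles(oneRole, expected)));
    }
}
```

A resource API that authorizes on these roles must validate the token's signature, issuer and audience first and only then read `roles`.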






