There seems to be a lot of confusion regarding the claims delivered from Azure AD when you use the OWIN OpenID Connect plumbing.
I used the Github "WebApp-OpenIDConnect-DotNet" sample.
After authentication, I got back:
Notice that the top part of the claims follows the OAuth pattern, e.g.
aud = audience
iss = issuer
iat = issued at
etc.
The bottom half (and there are others that didn't fit into the image) are the kind of claims that you get with claims-based identity, e.g. the kind you get if you use the older WIF wrapper.
This isn't strictly OAuth, but it does provide a way to "augment" the somewhat sparse OAuth claims set.
Also note that you do not get Roles out of the box (OOTB).
To have them included, you need to change the AAD Application manifest.
Refer to:
Azure Active Directory Part 4: Group Claims
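To see the two halves of the claim set the post describes, here is an added example (not from the sample or the linked articles) that decodes a constructed, unsigned id_token payload and splits it into registered JWT claims and WS-Federation-style URI claims, then reports whether any role or group claim is present. The tenant, client and group identifiers are placeholders; the WIF claim-type URIs are the standard ones.

```python
import base64
import json

# Constructed sample payload (not a real token): Azure AD-style registered
# JWT claims alongside WS-Federation/WIF-style URI claim types.
SAMPLE_PAYLOAD = {
    "aud": "CLIENT-ID-PLACEHOLDER",
    "iss": "https://sts.windows.net/TENANT-ID-PLACEHOLDER/",
    "iat": 1400000000,
    "exp": 1400003600,
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "alice@contoso.example",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname": "Alice",
}

# Registered claim names from RFC 7519; the "top half" of the claim set.
REGISTERED_JWT_CLAIMS = {"iss", "sub", "aud", "exp", "nbf", "iat", "jti"}
# Claim types under which Azure AD / .NET surface role or group membership.
ROLE_CLAIM_TYPES = {"roles", "groups",
                    "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"}

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def build_unsigned_token(payload: dict) -> str:
    """Assemble a JWT-shaped string for the demo only (alg none, empty signature)."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url_encode(json.dumps(payload).encode())}."

def classify_claims(token: str) -> dict:
    """Inspect the payload only; the signature is NOT validated here.
    In the real app the OWIN middleware validates it before claims are trusted."""
    payload = json.loads(b64url_decode(token.split(".")[1]))
    registered = {k: v for k, v in payload.items() if k in REGISTERED_JWT_CLAIMS}
    uri_style = {k: v for k, v in payload.items() if k.startswith(("http://", "https://"))}
    return {
        "registered": registered,
        "uri_style": uri_style,
        "has_role_or_group_claims": any(k in payload for k in ROLE_CLAIM_TYPES),
    }

if __name__ == "__main__":
    print(json.dumps(classify_claims(build_unsigned_token(SAMPLE_PAYLOAD)), indent=2))
    # After enabling group claims in the manifest, a "groups" claim would appear:
    with_groups = dict(SAMPLE_PAYLOAD, groups=["GROUP-ID-PLACEHOLDER"])
    print(classify_claims(build_unsigned_token(with_groups))["has_role_or_group_claims"])
```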
Or you could just use the good, old Azure AD Graph API.
Enjoy!