Access token retrieved with MSAL does not contain group IDs
I want to include group IDs in the access token retrieved with MSAL in my React web client. I retrieve the access token with:
const accessToken = await instance.acquireTokenSilent({
scopes: [
"https://graph.windows.net/Group.Read.All",
"https://graph.windows.net/User.Read",
],
account: accounts[0],
})
).accessToken;
I have granted the app registration the Microsoft Graph API Group.Read.All (delegated) permission in Azure. I have also added groups as an optional claim in the Token configuration section. So the app manifest now has the following properties:
{
"accessTokenAcceptedVersion": 2,
(...)
"groupMembershipClaims": "SecurityGroup",
(...)
"optionalClaims": {
"accessToken": [
{
"name": "groups",
"source": null,
"essential": false,
"additionalProperties": []
}
],
},
(...)
}
I successfully retrieve a access token with a valid signature. The access token also include the following claim:
{
"scp": "Group.Read.All User.Read"
}
, but it is missing the expected groups claim which should include a list of group IDs. What have I configured incorrectly?
It seems like the id_token retrieved with MSAL contains the group IDs, but not the access token.
Note that: Using the manifest of the resource, access tokens are generated not by using the client. To get the optional claims in the access token request the token for your application. Refer this MsDoc.
- As you are generating access token for
https://graph.windows.net/that is the resource is Microsoft Graph hence the access token is generated for the client not your application. - Modifying the Manifest and requesting access token for other resources doesn't fetch claims in access token.
Hence to get the Group IDs in the access token, Expose an API like below:
Grant the API permissions:
Now I generated access token by passing scope as api://ClientID/test.read
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
scope:api://xxx/test.read
grant_type:authorization_code
redirect_uri:https://jwt.ms
client_secret:ClientSecret
code:code
When I decoded the access token, Group IDs are displayed:
Modify your code like below:
const accessToken = await instance.acquireTokenSilent({
scopes: [
"api://ClientID/ScopeName",
],
account: accounts[0],
})
).accessToken;
- How can I customize the color of a Checkbox in Material UI?
- Why do I get error "CSRF token mismatch". React 18 SPA with Laravel 10 API
- What are these three dots in React doing?
- npm run build is failing due to typescript or lodash uncompatibility
- Is it possible to return empty in react render function?
- Get color code from MUI palette color name
- React: ".map is not a function"
- Not able to upload a file on button click in react with mui
- react native header button doesn't work as expected
- How does Snapshot of a UI in React works?
- React Native FlatList with position absolute behind Components
- how to return values from a Laravel Sever to React with inertiajs?
- Next.js Redirect from / to another page
- Cant get coderef.current in my main index.js file and it is bringing an error
- React-Bootstrap dropdown on hover
- How to get Input field type as props in react typescript
- Next.js Application error: a client-side exception has occurred (see the browser console for more information)
- Blocked by CORS policy despite domain name present in server side file
- React hooks: call component as function vs render as element
- Using SSL with Local React Development on Windows
- How to add a className to an element inside a variable in react?
- What's the best way to set localStorage in React?
- How to combine the data of two state into third state in Next js
- Typescript error TS2307: Cannot find module 'react' when trying to import without using node.js?
- Redux reducer remove item from nested object state
- How do I change the background color of the body?
- How do I map() all images in a folder? | React.js and Vite
- Hosting Nextjs on hostinger
- React eslint error missing in props validation
- How to display an Error message when logging in fails in Reactjs