ms-identity-javascript-angular-tutorial
Group claims not added
Issue
Please provide us with the following information:
This issue is for the sample
- [ ] 1-1) Sign-in with Azure AD
- [ ] 1-2) Sign-in with Azure AD B2C
- [ ] 2-1) Acquire a Token and call Microsoft Graph
- [ ] 3-1) Protect and call a web API on Azure AD
- [ ] 3-2) Protect and call a web API on Azure AD B2C
- [ ] 4) Deploy to Azure Storage and App Service
- [ ] 5-1) Call a web API using App Roles
- [ X] 5-2) Call a web API using Security Groups
- [ ] 6-1) Call Microsoft Graph using on-behalf-of flow
- [ ] 6-2) Call a multi-tenant web API
This issue is for a
- [ ] bug report -> please search issues before submitting
- [ X] question
- [ ] feature request
- [ X] documentation issue or request
Minimal steps to reproduce
After following the instructions the group claims are not added. We are using ApplicationGroups, so there should only be one group in the claim. I saw some mismatches within the documentation and the file names.
Any log messages given by the failure
No group claims added
Expected/desired behavior
Deliver all group claims in the token
Library version
Browser and version
Chrome, Edge, Firefox, Safari? Group Token is missing in all browsers
Mention any other details that might be useful
Thanks! We'll be in touch soon.
Hi @sebastianlung, thanks for reaching out. From my understanding, the issue you're facing is that you're not receiving the groups id in the token claims. Please ensure that the token configuration is set to "Groups assigned to the application" for both the SPA and API application registration from the Azure portal. Also, you have to assign the groups to applications. Check the following section in the readme, and for more information, you can check this video.
Apologies for the mismatches within the documentation; we are working on updating the sample.
Hi @salman90, we did the steps and also the "groups assigned to the application" flag is set, but the group claims are still missing. We managed to get it to work with a different example. So I think there is some issue within the project.
Hi @sebastianlung, I ran the project and managed to get the group claims in my tokens. If the group claims are not showing in the id-token and access-token, this is an issue with token configuration, and the project has no control over it. Please make sure you did the following steps:
- Configured the token to "Groups assigned to the application" from the application registrations.
- Added the API and SPA applications groups from the Users and groups blade.
- Added the group object id in both auth-config.ts and appsettings.json files.
Check the Manifest blade in your application registrations. You should see the following in the Optional Claims:
    "optionalClaims": {
      "idToken": [
        {
          "name": "groups",
          "source": null,
          "essential": false,
          "additionalProperties": []
        }
      ],
      "accessToken": [
        {
          "name": "groups",
          "source": null,
          "essential": false,
          "additionalProperties": []
        }
      ],
      "saml2Token": [
        {
          "name": "groups",
          "source": null,
          "essential": false,
          "additionalProperties": []
        }
      ]
    }
The project does require updates in the readme, and we are working on the updates.
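The two checks from the reply above (the manifest's optional claims and the groups claim in the issued token) can be scripted; this is an added example, not part of the original thread or the sample project. The function names, the unsigned sample tokens and the placeholder group ID are assumptions, and the `hasgroups` / `_claim_names` overage markers go beyond what the thread discusses.

```javascript
// Added diagnostic example; all sample values below are constructed.

// Which token types in an app registration manifest lack the "groups" optional claim?
function missingGroupsOptionalClaim(manifest) {
  const oc = manifest.optionalClaims || {};
  return ["idToken", "accessToken"].filter(
    (type) => !(oc[type] || []).some((claim) => claim.name === "groups")
  );
}

// Decode a JWT payload for inspection only. No signature check is done here,
// so never use this result for an authorization decision.
function decodePayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Classify the groups claim of a token against the group object ID that the
// sample expects in auth-config.ts / appsettings.json.
function groupsClaimStatus(jwt, expectedGroupId) {
  const claims = decodePayload(jwt);
  if (Array.isArray(claims.groups)) {
    return claims.groups.includes(expectedGroupId) ? "present" : "other-groups-only";
  }
  // Overage: too many groups to list, so the token carries a pointer instead.
  if (claims.hasgroups || (claims._claim_names && claims._claim_names.groups)) {
    return "overage";
  }
  return "missing";
}

// Constructed helpers and sample data (unsigned tokens, placeholder GUID).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fakeJwt = (claims) => `${b64url({ alg: "RS256", typ: "JWT" })}.${b64url(claims)}.sig`;

const GROUP_ID = "00000000-0000-0000-0000-000000000001";
const sampleManifest = {
  optionalClaims: { idToken: [{ name: "groups" }], accessToken: [] },
};
console.log(missingGroupsOptionalClaim(sampleManifest));
console.log(groupsClaimStatus(fakeJwt({ sub: "u1", groups: [GROUP_ID] }), GROUP_ID));
console.log(groupsClaimStatus(fakeJwt({ sub: "u1" }), GROUP_ID));
```

A result of `missing` on a token whose manifest check comes back empty points at group assignment in the Users and groups blade rather than at the optional claims.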
This issue has not seen activity in 14 days. If your issue has not been resolved please leave a comment to keep this open. It will be closed in 7 days if it remains stale.
This issue has been closed due to inactivity. If this has not been resolved please open a new issue. Thanks!