I'm running a Cordova app which connects to a Web API hosted on Azure. I've got the API secured using Azure AD bearer authentication. When the user tries to call one of the endpoints, he's forwarded to the Azure AD sign-in page, enters his credentials and then is given the token. The token is added to all subsequent requests to the API. I'm using the mobile apps client SDK to do so (cordova-plugin-ms-azure-mobile-apps).
I now would like to know who's calling the API, on the server side. I've inspected the User property of my Web API controller. There's some information there, including a number of claims, but nothing which resembles the actual username (only a sid).
So the question now is:
- Can I somehow add the information to the token? Since the token comes from Azure AD I suppose that would also be the place to add additional information but I'm not sure whether that is possible.
- If not, can I somehow use the sid to translate this into the user that has logged in?
And perhaps there are other options I didn't think of.
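As an added diagnostic example (not code from the question, the SDK or Azure), a Web API 2 controller that returns every claim the bearer middleware actually attached and tries the claim types Azure AD commonly uses for a human-readable identity; the controller name and the candidate claim list are assumptions, and which claims are present depends on how the token was issued.

```csharp
using System.Linq;
using System.Security.Claims;
using System.Web.Http;

public class WhoAmIController : ApiController
{
    // Claim types Azure AD commonly uses to carry a human-readable identity
    // (assumed candidate list). A bare "sid" claim does not identify the user.
    private static readonly string[] CandidateNameClaims =
    {
        ClaimTypes.Upn,                                                   // user principal name
        ClaimTypes.Email,
        ClaimTypes.Name,
        "preferred_username",
        "http://schemas.microsoft.com/identity/claims/objectidentifier"  // stable object id
    };

    [Authorize]
    [HttpGet]
    public IHttpActionResult Get()
    {
        var principal = User as ClaimsPrincipal;
        if (principal == null)
        {
            return Unauthorized();
        }

        // Dump every claim so you can see exactly what the middleware handed over.
        var allClaims = principal.Claims
            .Select(c => new { c.Type, c.Value })
            .ToList();

        // First candidate claim that is actually present wins; null if none are.
        var resolved = CandidateNameClaims
            .Select(t => principal.FindFirst(t)?.Value)
            .FirstOrDefault(v => !string.IsNullOrEmpty(v));

        return Ok(new { ResolvedIdentity = resolved, Claims = allClaims });
    }
}
```

Calling this endpoint with the same bearer token the app sends shows whether a name-bearing claim exists at all or whether only the sid reaches the API.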