0
votes

I'm trying to get a user's groups from Azure AD. I'm getting a token with these simple lines of code:

    if (this.user == null)
        user = await AuthenticationManager.DefaultManager.CurrentClient.LoginAsync(this, MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory);
    if (user != null)
    {
        System.Diagnostics.Debug.WriteLine("Token = " + user.MobileServiceAuthenticationToken);
    }

When I paste the token into the JWT debugger on this website: https://jwt.io/ I get some information (stable_sid, sid, sub, idp, ver, iss, aud, exp, nbf) but I can't seem to get the groups claim in it.

In Azure AD I added the required permissions to read groups for Microsoft Graph and Azure Active Directory, but it did not change anything in the tokens.

What am I missing to get the user's groups?

Thank you in advance.

EDIT: A commenter pointed out that I forgot to mention that I modified the manifest to "groupMembershipClaims": "SecurityGroup". I also tried "All" but still no claims.

1
Thank you for your interest, I forgot to mention that I did modify the manifest and it still does not give me the intended claims. - Pierre P.

1 Answer

1
votes

Okay, so there is actually no issue here.

What we are supposed to do to access the user groups is use the authentication token in order to make calls to the Microsoft Graph API, which will then give us access to the groups and users in the tenant.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart
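The check and the Graph lookup discussed in this thread, as an added example that is not part of the original question or answer: it decodes a token's payload locally instead of pasting it into a website, reports whether group data is inline, replaced by Azure AD's overage markers (`hasgroups`, `_claim_names`), or absent, and queries Microsoft Graph's `/me/memberOf`. The class name, method names and sample token are hypothetical, and `graphAccessToken` is assumed to be an Azure AD access token whose audience is Microsoft Graph with permission to read group membership.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class GroupClaims   // hypothetical helper, not from the page
{
    // Decode the base64url payload segment. The signature is NOT verified here,
    // so use the result for diagnostics only, never for authorization decisions.
    public static JsonElement DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new FormatException("Expected 3 JWT segments.");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '=');
        using JsonDocument doc = JsonDocument.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(b64)));
        return doc.RootElement.Clone(); // Clone so the element outlives the document
    }

    // "inline": groups are in the token; "overage": too many groups, the token only
    // carries a pointer; "absent": no group data, so ask Microsoft Graph instead.
    public static string GroupClaimState(JsonElement payload)
    {
        if (payload.TryGetProperty("groups", out JsonElement g) && g.ValueKind == JsonValueKind.Array)
            return "inline";
        bool overage = payload.TryGetProperty("hasgroups", out JsonElement _)
            || (payload.TryGetProperty("_claim_names", out JsonElement names)
                && names.ValueKind == JsonValueKind.Object
                && names.TryGetProperty("groups", out JsonElement _));
        return overage ? "overage" : "absent";
    }

    // Fetch the signed-in user's group and role memberships from Microsoft Graph.
    public static async Task<string> GetMemberOfJsonAsync(HttpClient http, string graphAccessToken)
    {
        using var req = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/me/memberOf");
        req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", graphAccessToken);
        using HttpResponseMessage resp = await http.SendAsync(req);
        resp.EnsureSuccessStatusCode(); // 401/403 here usually means wrong audience or missing consent
        return await resp.Content.ReadAsStringAsync();
    }

    public static void Main()
    {
        // Constructed payload with only claim names listed in the question (no groups).
        string json = "{\"sub\":\"sid:example\",\"idp\":\"aad\",\"ver\":\"3\"}";
        string body = Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        Console.WriteLine(GroupClaimState(DecodePayload("e30." + body + ".sig")));
    }
}
```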