
I am following the Authorization code flow with PKCE and my identity provider is Azure Active Directory. I have created an app, "client-app", from App Registrations. In the manifest I have added appRoles like the following.

"appRoles": [
  {
    "allowedMemberTypes": [
      "User"
    ],
    "displayName": "StoreGroupManager",
    "id": "47fbb575-859a-4941-89c9-0f7a6c30beac",
    "isEnabled": true,
    "description": "Consumer apps have access to the consumer data.",
    "value": "StoreGroupManager"
  }
]

I am assigning this role, StoreGroupManager, to users. Now when I follow the Authorization code flow with PKCE and obtain the id_token, refresh_token and access_token, I can see that the id_token has a roles claim but the access_token does not. I need to have the roles claim in the access_token. Is this possible? The following is the decoded id_token.

[image: the decoded id_token]

1 Answer


Roles will be in the access token if the app registration for the API that the access token is for defines those roles and they are assigned to the user. So if you use the same app registration for the client and API, they should be there. But if you have separate app registrations for the client and API, you will need to define the role in both apps and assign the user to it on both of them as well.
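A quick way to confirm what the answer describes is to look at the `aud` claim of each token: the `roles` claim is populated from the app registration that the token's audience points at, so an access token issued for a separate API registration only carries roles that registration defines and assigns. The script below is an added example, not the answerer's code or anything from Microsoft; it builds constructed, unsigned sample tokens with placeholder app IDs (`CLIENT_APP_ID`, `API_APP_ID` are not real identifiers) and decodes the payload without signature verification, purely for inspection.

```python
import base64
import json

# Placeholder application (client) IDs for the two app registrations.
# These are constructed values, not real tenant or app identifiers.
CLIENT_APP_ID = "11111111-1111-1111-1111-111111111111"
API_APP_ID = "22222222-2222-2222-2222-222222222222"


def _b64url(data: bytes) -> str:
    """Base64url-encode without padding, as JWT segments are encoded."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_jwt(claims: dict) -> str:
    """Build a constructed, unsigned JWT (empty signature segment).

    Used here only to fabricate sample tokens offline; Azure AD issues
    RS256-signed tokens, and an API must reject unsigned ones.
    """
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        _b64url(json.dumps(header, separators=(",", ":")).encode()),
        _b64url(json.dumps(claims, separators=(",", ":")).encode()),
        "",
    ])


def decode_jwt_payload(token: str) -> dict:
    """Decode the payload segment of a compact JWT.

    This does NOT verify the signature. It is fine for checking which
    audience a token was issued for; never use it to authorise a request.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact-serialised JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore padding
    return json.loads(base64.urlsafe_b64decode(payload))


def roles_report(token: str, api_app_id: str) -> dict:
    """Report the token's audience, whether it targets the API registration,
    and which app roles (if any) it carries."""
    claims = decode_jwt_payload(token)
    aud = claims.get("aud")
    return {
        "aud": aud,
        # Azure AD uses either the raw app ID or the api:// identifier URI as aud.
        "issued_for_api": aud in (api_app_id, f"api://{api_app_id}"),
        "roles": list(claims.get("roles", [])),
    }


# Constructed samples mirroring the question: the id_token is for the client
# app, which defines and assigns StoreGroupManager, so it carries the role.
ID_TOKEN = make_unsigned_jwt({"aud": CLIENT_APP_ID, "roles": ["StoreGroupManager"]})

# Access token for a separate API registration that does not define the role:
# no roles claim, which is what the question observes.
ACCESS_TOKEN_NO_ROLE = make_unsigned_jwt({"aud": f"api://{API_APP_ID}"})

# Access token after the role is also defined and assigned on the API registration.
ACCESS_TOKEN_WITH_ROLE = make_unsigned_jwt(
    {"aud": f"api://{API_APP_ID}", "roles": ["StoreGroupManager"]}
)

if __name__ == "__main__":
    for name, tok in [
        ("id_token", ID_TOKEN),
        ("access_token (API lacks role)", ACCESS_TOKEN_NO_ROLE),
        ("access_token (API defines role)", ACCESS_TOKEN_WITH_ROLE),
    ]:
        print(f"{name}: {roles_report(tok, API_APP_ID)}")
```

Run it against real tokens by passing the raw JWT string from your token response to `roles_report`; if `issued_for_api` is true and `roles` is empty, the API registration is the one that needs the appRole defined and the user assigned to it.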