0
votes

I am trying to emit Roles in an Angular application using the instructions below.

https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-angular

I was successfully validating the user, getting roles in general from the account claims, and also able to retrieve the JWT token silently, all using MSAL Service.

But, trying to achieve the same in the JWT token: acquire token silently, but it is missing roles. Just wondering if someone can help me with how to configure it in Azure AD.

In Angular, I have this code which gives me the JWT token. While decoding it, I am not seeing application roles in it.

// Scopes requested for the access token. 'user.read' is a Microsoft Graph
// permission, so the token returned is an access token for Microsoft Graph.
const requestObj = {
  scopes: ['user.read'],
};

// Acquire the access token silently via MSAL and log it for decoding.
this.authService.acquireTokenSilent(requestObj)
  .then((tokenResponse) => {
    // Callback code here
    console.log(tokenResponse.accessToken);
  })
  .catch((error) => {
    console.log(error);
  });
2
Do you mean Azure AD directory roles? Those aren't included in tokens. Or, if the role you mentioned refers to an application role, the answer is yes, you can get the role information in the id_token. Please refer to this question; it may help you. – Sruthi J

Thanks Sruthi for the information. I followed all the steps and I am getting the roles in the id_token. I need the same emitted in the JWT token when calling acquire token silently. There it is not showing the Application Roles. – Kotha

2 Answers

0
votes

The app roles are defined in your client app, in which case the app roles will be included in the id token.

If you want to get app roles in the access token, you need to define the roles in the Azure AD app registration of your API. And this only works when calling your own API, not the Microsoft Graph API.

You defined the roles in the client app and called the Microsoft Graph API, based on the example you mentioned. So the app roles are in the id token but not in the access token.

For more information, see the similar issue.

0
votes

Please check if you have assigned the user to the roles; you can refer to this tutorial.

The role will not show in the access token; it will only show in the id token. You can use a flow like authorization code grant or OpenID Connect to sign a user in. The response will have an id_token.

Here is another post that is similar to this problem, for your reference.
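Both answers above turn on which token carries the `roles` claim: the id_token issued to the client app, versus an access token issued for whatever resource the requested scope belongs to. The following is an added example, not code from the question, the answers or the Microsoft tutorial. It decodes a compact JWT payload without verifying it, reports which constructed sample tokens carry `roles`, and shows the MSAL request object the first answer points at (a scope of your own API rather than `user.read`). The function names, the `CLIENT_ID`/`API_ID` GUIDs, the `access_as_user` scope name and all token payloads are assumptions constructed for illustration; the signature segments are placeholders and nothing here validates them.

```javascript
// Added example (not from the original post or answers). Inspects where the
// "roles" claim appears. Requires Node (uses the Buffer global).

// base64url -> utf8, restoring padding that JWT segments strip.
function base64UrlDecode(part) {
  const pad = (4 - (part.length % 4)) % 4;
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/') + '='.repeat(pad);
  return Buffer.from(b64, 'base64').toString('utf8');
}

// utf8 -> base64url (used only to build the constructed samples below).
function base64UrlEncode(str) {
  return Buffer.from(str, 'utf8').toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decode the payload (second segment) of a compact JWS. This is inspection
// only: an API must verify signature, issuer, audience and expiry before
// trusting any claim, including "roles".
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS (expected 3 segments)');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// App roles asserted in a token, or [] when the claim is absent.
function rolesFromToken(jwt) {
  const payload = decodePayload(jwt);
  return Array.isArray(payload.roles) ? payload.roles : [];
}

// Build a constructed sample token; "sig" stands in for the signature.
function buildSampleToken(payload) {
  const header = base64UrlEncode(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  return `${header}.${base64UrlEncode(JSON.stringify(payload))}.sig`;
}

// Assumed placeholder app registration ids (not real tenants or apps).
const CLIENT_ID = '11111111-1111-1111-1111-111111111111';
const API_ID = '22222222-2222-2222-2222-222222222222';
const GRAPH_APP_ID = '00000003-0000-0000-c000-000000000000'; // Microsoft Graph

// Constructed payloads mirroring the situation in the answers:
// 1. id_token for the client app: carries the roles defined on that registration.
const sampleIdToken = buildSampleToken({
  aud: CLIENT_ID,
  iss: 'https://login.microsoftonline.com/tenant-id/v2.0',
  sub: 'user1',
  roles: ['Reader', 'Admin'],
});
// 2. Access token obtained with scopes ['user.read']: audience is Microsoft
//    Graph, so the client app's roles are not in it.
const sampleGraphAccessToken = buildSampleToken({
  aud: GRAPH_APP_ID,
  scp: 'User.Read',
  sub: 'user1',
});
// 3. Access token for your own API, whose registration defines app roles:
//    audience is the API and the roles assigned to the user are emitted.
const sampleOwnApiAccessToken = buildSampleToken({
  aud: `api://${API_ID}`,
  scp: 'access_as_user',
  sub: 'user1',
  roles: ['Admin'],
});

// The MSAL request the first answer implies: ask for a scope exposed by your
// own API registration instead of 'user.read'. (Scope name is assumed.)
function requestForOwnApi(apiAppId) {
  return { scopes: [`api://${apiAppId}/access_as_user`] };
}

// Summarise which sample tokens carry roles.
function rolesReport() {
  return {
    idToken: rolesFromToken(sampleIdToken),
    graphAccessToken: rolesFromToken(sampleGraphAccessToken),
    ownApiAccessToken: rolesFromToken(sampleOwnApiAccessToken),
  };
}

console.log(rolesReport());
console.log(requestForOwnApi(API_ID));
```

Passing `requestForOwnApi(API_ID)` to `acquireTokenSilent` in place of `{ scopes: ['user.read'] }` is the concrete change the first answer describes; the resulting access token is for your API, not Graph, and a Graph call made with it would be rejected. `rolesFromToken` is deliberately unverified decoding, suitable for debugging in the browser console, and not a substitute for server-side validation.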