我正在处理客户端凭证流来验证两个应用程序,但我想在访问令牌中添加一些信息。我们可以自定义声明并将其包含在访问令牌中吗?
我尝试在我的环境中复制相同的内容,以便在Azure AD中创建自定义声明
请按照以下步骤获取访问令牌
您可以像下面这样获得服务主体ID的对象ID
Azure Portal>Azure Active Directory>Enterprise application>选择您的应用程序
(https://i.stack.imgur.com/5KEcs.png)
像下面这样更改清单中的值
(https://i.stack.imgur.com/gIn3f.png)
使用如下的powershell创建策略
$Policy = New-AzureADPolicy -Definition @('{"ClaimsMappingPolicy":{"Version":1,"IncludeBasicClaimSet":"true", "ClaimsSchema": [{"Source":"user","ID":"customvalue","JwtClaimType":"customclaim"}]}}') -DisplayName "Demo123" -Type "ClaimsMappingPolicy"
Add-AzureADServicePrincipalPolicy -RefObjectId $Policy.Id -Id '<Service Principle ID>'
(https://i.stack.imgur.com/fepdC.png)
生成代码并复制代码以通过postman
生成令牌https://login.microsoftonline.com/Tenant ID/v2.0/authorize?
&client_id=Client ID&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345
(https://i.stack.imgur.com/htfsK.png)
请更改Postman中的值以生成Token
(https://i.stack.imgur.com/QZSk5.png)
从postman
复制不带引号的访问令牌值(https://i.stack.imgur.com/N80kf.png)
解码jwt.ms
中相同的访问令牌值(https://i.stack.imgur.com/sD1Bo.png)