Change type of `idTokenClaims` for direct access

Core Library

MSAL.js v2 (@azure/msal-browser)

Wrapper Library

MSAL Angular (@azure/msal-angular)

Description

If the idTokenClaims are set on an account, it’s recognized as an object. This means you cannot access its members (roles doesn't exist on object). With the following work-around I’m able to access the properties in the identity token.

// Doesn't work
const roles = account.idTokenClaims.roles;
// or
const roles2 = account.idTokenClaims['roles'];
// this does work
const claims = account.idTokenClaims as { [key: string]: any };
const roles3 = claims.roles;
// and this does also work:
const roles4 = claims['roles'];

The type { [key: string]: any } is valid for each JSON document, and since the idTokenClaims are always represented as JSON, this would be a better description, and allow access to all the claims without manually changing the type. It would also support future claims that are not known yet.

An alternative would be to create something like this, but that requires more maintenance:

declare type IdentityToken = {
  aud?: string;
  exp?: number;
  iss?: string;
  name?: string;
  roles?: string[];
}

// Or supporting both methods
declare type IdentityTokenExtension = IdentityToken & { [key: string]: any };

Source

External (Customer)
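
An added example, not part of the original issue or of MSAL's code: the `{ [key: string]: any }` cast in the description makes `roles` reachable but leaves it unchecked, so this sketch pairs the proposed known-claims type with an `unknown` index signature and a runtime check that returns no roles when the claim is malformed. The names `IdTokenClaims`, `rolesFromClaims`, `hasRole` and `stringClaim`, and the sample claim values, are assumptions made for illustration.

```typescript
// Hypothetical types and helpers for illustration; none of these names come from MSAL.
type KnownIdTokenClaims = {
  aud?: string;
  exp?: number;
  iss?: string;
  name?: string;
  roles?: string[];
};

// Known claims keep their types; any other claim is reachable but typed
// `unknown`, so the compiler forces a check before use (unlike `any`).
type IdTokenClaims = KnownIdTokenClaims & { [key: string]: unknown };

// The static type is only a promise about parsed JSON, so validate at runtime
// and fail closed: anything other than an array of strings yields no roles.
function rolesFromClaims(claims: unknown): string[] {
  if (typeof claims !== "object" || claims === null) return [];
  const roles = (claims as { [key: string]: unknown })["roles"];
  if (!Array.isArray(roles)) return [];
  if (!roles.every((r): r is string => typeof r === "string")) return [];
  return roles;
}

function hasRole(claims: unknown, role: string): boolean {
  return rolesFromClaims(claims).includes(role);
}

// Read a claim that is not in the known set; returns undefined unless it is a string.
function stringClaim(claims: IdTokenClaims, name: string): string | undefined {
  const value = claims[name];
  return typeof value === "string" ? value : undefined;
}

// Constructed sample claims (not taken from a real token).
const SAMPLE_CLAIMS: IdTokenClaims = {
  aud: "00000000-0000-0000-0000-000000000000",
  exp: 1700000000,
  iss: "https://issuer.example/",
  name: "Constructed User",
  roles: ["Reports.Read"],
  department: "finance", // custom claim, reachable through the index signature
};

console.log(hasRole(SAMPLE_CLAIMS, "Reports.Read"), stringClaim(SAMPLE_CLAIMS, "department"));
```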

Issue Analytics

  • State: closed
  • Created 2 years ago
  • Comments:8 (7 by maintainers)

Top GitHub Comments

1 reaction
msftbot[bot] commented, May 2, 2022

🎉This issue was addressed in #4680, which has now been successfully released as @azure/msal-common@v6.3.0.🎉

We recommend upgrading to the latest version of @azure/msal-browser or @azure/msal-node to take advantage of this change.

Handy links:

0 reactions
svrooij commented, Apr 14, 2022

@sameerag all tests are checked in the PR and are still green
