
Azure AD and Azure AD B2C application roles using Application role manager with Microsoft Identity platform

Is there an existing issue for this?

  • I have searched the existing issues

Is your feature request related to a problem? Please describe the problem.

Using the Microsoft Identity platform is very powerful, but I’m missing roles when using Azure AD B2C. Using normal Azure AD it works very smoothly with either Azure AD App Roles or Azure AD security groups. I tried searching for Role Based Access Control / RBAC for AD B2C but could not find any official sample. I also tried adding "groupMembershipClaims": "SecurityGroup" to the AD B2C manifest, but nothing is added to the access_token, id_token, profile_info or refresh_token on login.

There are no samples for this in the https://github.com/azure-ad-b2c/samples either.

The Azure AD docs have a section about application roles and give a theoretical example of roles using an application role manager, but no code examples of how it could be implemented:

With this approach, application roles are not stored in Azure AD at all. Instead, the application stores the role assignments for each user in its own DB — for example, using the RoleManager class in ASP.NET Identity.

https://learn.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-an-application-role-manager

I know you can create extension attributes like this example:

https://stackoverflow.com/a/70427209/3850405

Use API connectors to augment tokens:

https://github.com/azure-ad-b2c/api-connector-samples

Get groups via Microsoft Graph and add them via OnTokenValidated

https://stackoverflow.com/a/71054154/3850405

Custom (IEF) policies:

https://devblogs.microsoft.com/premier-developer/using-groups-in-azure-ad-b2c/ -> the URL then leads to a stopped web app

Since AD B2C does not expose any functionality related to Security Groups out of the box, I think this is a big drawback and an obstacle to adopting AD B2C. Azure AD App Roles require Azure AD Premium and are out of the question in this case.

Describe the solution you’d like

Write a complete example with application roles using Application role manager where the application stores the role assignments for each user in its own DB.

https://learn.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles#roles-using-an-application-role-manager

Additional context

No response
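The "application role manager" approach the request points at, written out as an added example (this is not code from the original issue, from Microsoft, or from any official B2C sample). B2C only authenticates the user; the role assignments live in the application's own database and are turned into role claims once per sign-in, in the OpenID Connect OnTokenValidated event, so that the ordinary ASP.NET Core [Authorize(Roles = ...)] / RequireRole machinery works unchanged. Assumptions: .NET 6 or later with implicit usings, the Microsoft.Identity.Web package, an appsettings.json section named "AzureAdB2C" with the usual Instance/Domain/ClientId/SignUpSignInPolicyId/CallbackPath values, and that the user flow emits the oid (or at least sub) claim. The IAppRoleStore interface, the InMemoryAppRoleStore class, the "AdminOnly" policy name and the object ids in the dictionary are all invented for the example; the in-memory dictionary stands in for a UserRoles table.

```csharp
// Program.cs (.NET 6+, package Microsoft.Identity.Web). Example code, not from the issue or Microsoft.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);

// 1. Authenticate against Azure AD B2C (section "AzureAdB2C" in appsettings.json, assumed to exist).
//    Nothing about roles or groups is configured on the B2C side.
builder.Services.AddMicrosoftIdentityWebAppAuthentication(builder.Configuration, "AzureAdB2C");

// 2. The application's own role store (hypothetical interface; in-memory stand-in for a DB table).
builder.Services.AddSingleton<IAppRoleStore, InMemoryAppRoleStore>();

// 3. After B2C's id_token has been validated, load the user's roles from the app DB and add them as
//    role claims. The cookie handler persists the claims, so this runs once per sign-in, not per request.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    var existingHandler = options.Events.OnTokenValidated; // keep Microsoft.Identity.Web's own handler
    options.Events.OnTokenValidated = async context =>
    {
        await existingHandler(context);

        if (context.Principal?.Identity is not ClaimsIdentity identity) return;

        // Key the lookup on the immutable object id (oid), never on email or display name, which a
        // user can change. B2C sets sub to the same object id, so fall back to that if oid is absent.
        var userId = context.Principal.GetObjectId()
                     ?? context.Principal.FindFirstValue(ClaimTypes.NameIdentifier);
        if (userId is null)
        {
            context.Fail("token carries neither oid nor sub; refusing to sign in");
            return;
        }

        var store = context.HttpContext.RequestServices.GetRequiredService<IAppRoleStore>();
        foreach (var role in await store.GetRolesAsync(userId))
        {
            // Use the identity's configured role claim type so IsInRole / RequireRole match it.
            identity.AddClaim(new Claim(identity.RoleClaimType, role));
        }
    };
});

builder.Services.AddAuthorization(options =>
    options.AddPolicy("AdminOnly", policy => policy.RequireRole("Admin")));

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Shows the signed-in user's name and the roles that came from the app DB, not from B2C.
app.MapGet("/", (ClaimsPrincipal user) =>
{
    var roleType = (user.Identity as ClaimsIdentity)?.RoleClaimType ?? ClaimTypes.Role;
    var roles = string.Join(",", user.FindAll(roleType).Select(c => c.Value));
    return $"{user.Identity?.Name}: roles=[{roles}]";
}).RequireAuthorization();

// Only reachable by users whose DB row contains the Admin role.
app.MapGet("/admin", () => "admin area").RequireAuthorization("AdminOnly");

app.Run();

public interface IAppRoleStore
{
    Task<IReadOnlyList<string>> GetRolesAsync(string userObjectId);
}

// Stand-in for an EF Core / Dapper query against the application's own UserRoles(UserObjectId, Role)
// table, which is what an ASP.NET Identity RoleManager-backed implementation would query instead.
public sealed class InMemoryAppRoleStore : IAppRoleStore
{
    // Constructed sample data: B2C object ids -> roles. Real ids come from the users' oid claims.
    private static readonly Dictionary<string, string[]> Assignments = new()
    {
        ["00000000-0000-0000-0000-000000000001"] = new[] { "Admin", "Editor" },
        ["00000000-0000-0000-0000-000000000002"] = new[] { "Editor" },
    };

    public Task<IReadOnlyList<string>> GetRolesAsync(string userObjectId) =>
        Task.FromResult<IReadOnlyList<string>>(
            Assignments.TryGetValue(userObjectId, out var roles) ? roles : Array.Empty<string>());
}
```

Two caveats worth keeping in mind with this design. Because the roles are copied into the authentication cookie at sign-in, removing a role in the database only takes effect when the user signs in again; if faster revocation matters, shorten the cookie lifetime or re-query the store in a custom authorization handler instead of trusting the cached claims. And the lookup must stay keyed on the object id: email, display name and the other profile attributes are user-editable in B2C, so keying on them lets a user inherit someone else's roles by changing their profile.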

Issue Analytics

  • State: closed
  • Created 8 months ago
  • Comments:5 (3 by maintainers)

Top GitHub Comments

1 reaction
Oggglas commented, Jan 26, 2023

@rafikiassumani-msft @jmprieur I’m missing an answer on my comment. Please remove Resolution: Answered label and open again.

0 reactions
msftbot[bot] commented, Jan 26, 2023

This issue has been resolved and has not had any activity for 1 day. It will be closed for housekeeping purposes.

See our Issue Management Policies for more information.
