How do I add custom claims to an Azure AD access token (JWT) at token-request time?

Time: 2019-01-30 23:15:52

Tags: java azure oauth-2.0 azure-active-directory adal4j

The JWT that Azure AD currently issues has the following structure:

Azure AD JWT:

{
  "aud": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "iss": "https://sts.windows.net/a5aa555a-aa55-5aaa-5a55-555a5aa55a5a/",
  "iat": 1547084136,
  "nbf": 1547084136,
  "exp": 1547089036,
  "acr": "1",
  "aio": "aaaaaaaaaaaaa==",
  "appid": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "appidacr": "1",
  "email": "bob@bob.com",
  "idp": "https://sts.windows.net/a5aa555a-aa55-5aaa-5a55-555a5aa55a5a/",
  "ipaddr": "192.168.1.1",
  "name": "Bob Bob",
  "oid": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "roles": [],
  "scp": "Directory.AccessAsUser.All User.Read",
  "sub": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "tid": "a5aa555a-aa55-5aaa-5a55-555a5aa55a5a",
  "unique_name": "bob@bob.com",
  "uti": "kjkugiugi",
  "ver": "1.0"
}

I want to add some extra claims, e.g. departmentId, someOtherCustomInfo. I want to do this in the token request, but there is no provision for that. What should I do?

Currently I use ADAL4J to obtain the token:

import java.net.URI;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

import com.microsoft.aad.adal4j.AuthenticationContext;
import com.microsoft.aad.adal4j.AuthenticationResult;
import com.microsoft.aad.adal4j.ClientCredential;

// Represents the authority we are asking to provide tokens,
// e.g. https://login.microsoftonline.com/<tenant-id>/ ; the boolean enables authority validation
AuthenticationContext context = new AuthenticationContext(
    authority,
    true,
    Executors.newFixedThreadPool( numInPool )
);

// Redeem the authorization code. 'credentials' is a ClientCredential(clientId, clientSecret),
// 'resource' is the App ID URI of the API the access token is requested for
Future<AuthenticationResult> future = context
    .acquireTokenByAuthorizationCode(
        authCode,
        new URI( redirectUri ),
        credentials,
        resource,
        null   // no AuthenticationCallback; block on the Future instead
    );

AuthenticationResult authResult = future.get();

// The token
String token = authResult.getAccessToken();

1 answer:

Answer 0 (score: 0)

The JWT tokens issued by Azure AD (whether access token or id token) do not contain much useful information apart from the email address and certain other fields.

So, in addition to the default claims present in the JWT token, we need more claims to be part of the JWT token.

We can use the custom claims mapping feature. For more information, go through the link below:

How to: Customize claims emitted in tokens for a specific app in a tenant
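As an added example (not part of the answer above or of the linked guide), this is the shape a claims mapping policy takes when created with the AzureAD PowerShell module: the two claim names come from the question, while the source attributes, the policy display name and the API display name "MyApi" are assumptions for illustration.

```powershell
# Added example: create a claims mapping policy that adds 'departmentId' and
# 'someOtherCustomInfo' to tokens issued for one service principal.
# Assumes the AzureAD module and an account allowed to manage policies.
Connect-AzureAD

# Assumption: 'department' and 'extensionattribute1' are the user attributes to map.
$definition = @'
{
  "ClaimsMappingPolicy": {
    "Version": 1,
    "IncludeBasicClaimSet": "true",
    "ClaimsSchema": [
      { "Source": "user", "ID": "department",          "JwtClaimType": "departmentId" },
      { "Source": "user", "ID": "extensionattribute1", "JwtClaimType": "someOtherCustomInfo" }
    ]
  }
}
'@

$policy = New-AzureADPolicy -Definition @($definition) `
    -DisplayName "CustomClaimsForMyApi" -Type "ClaimsMappingPolicy"

# Attach the policy to the service principal of the API (the 'resource' in the
# question's token request); 'MyApi' is a placeholder display name.
$sp = Get-AzureADServicePrincipal -Filter "displayName eq 'MyApi'"
Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id

# Verify the assignment; the mapped claims appear in the next token issued for this resource
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId
```

Token requests for an API that has a mapping policy assigned fail until the app is configured to accept mapped claims (the acceptMappedClaims manifest property for a single-tenant app, or a custom signing key otherwise); the ADAL4J call in the question itself does not change, the extra claims simply appear in the decoded access token.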