Voici un exemple d’access token décodé et d’ID token décodé.
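Ici, j’ai configuré Azure AD pour qu’il renvoie le champ upn (entre autres). Le upn (comme preferred_username) peut changer ou être réattribué : pour identifier un utilisateur de façon stable ou prendre une décision d’autorisation, mieux vaut s’appuyer sur oid + tid (ou sub).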
Le principe est décrit ici: https://docs.microsoft.com/fr-fr/azure/active-directory/develop/active-directory-optional-claims#configuring-groups-optional-claims
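Mais je peux aussi récupérer le login ou tout autre attribut via un appel à l’API Microsoft dans la méthode preLoadGrant. L’access token ci-dessous a pour audience Microsoft Graph (aud 00000003-0000-0000-c000-000000000000) : il sert à effectuer cet appel, et l’application cliente ne devrait ni le valider ni fonder son autorisation sur ses claims ; côté application, c’est l’ID token (dont l’aud est l’appid de l’application) qui est à valider.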
Access token
{
“typ”: “JWT”,
“nonce”: “Mq85GOUCbOdUbLPj6Dg0uVEoXwfQqdul59tb3yE5dAc”,
“alg”: “RS256”,
“x5t”: “HlC0R12skxNZ1WQwmjOF_6t_tDE”,
“kid”: “HlC0R12skxNZ1WQwmjOF_6t_tDE”
}.{
“aud”: “00000003-0000-0000-c000-000000000000”,
“iss”: “https://sts.windows.net/3ec31dbb-6f03-4141-a210-63354b279757/”,
“iat”: 1581590321,
“nbf”: 1581590321,
“exp”: 1581594221,
“acct”: 0,
“acr”: “1”,
“aio”: “42NgYLALMYxb11bR9ebYTMGEyf6d12e7nl9pW2W/O6vpi92Fo98B”,
“amr”: [
“pwd”
],
“app_displayname”: “NAMe”,
“appid”: “1abed652-a82d-4f81-b813-5018232fcaa8”,
“appidacr”: “1”,
“family_name”: “Green”,
“given_name”: “Alice”,
“ipaddr”: “194.2.202.85”,
“name”: “Alice Green”,
“oid”: “96bc219c-5361-43d0-96e9-f448259d4035”,
“platf”: “3”,
“puid”: “1003200099B3E5A1”,
“scp”: “Directory.Read.All User.Read User.Read.All profile openid email”,
“signin_state”: [
“kmsi”
],
“sub”: “HPuGsG2poodsPyTThMOHptrmIt3XGsKpoeUsNlOZgS0”,
“tid”: “3ec31dbb-6f03-4141-a210-63354b279757”,
“unique_name”: “alice@epidead.onmicrosoft.com”,
“upn”: “alice@epidead.onmicrosoft.com”,
“uti”: “zFdBL-nRA0eGt44lvqydAA”,
“ver”: “1.0”,
“xms_st”: {
“sub”: “Q5IqbVBjeZIUtkBs9yLm-Mg3nhobR_N2y1XC7Sn6HLU”
},
“xms_tcdt”: 1580897789
}.[Signature]
ID Token
{
“typ”: “JWT”,
“alg”: “RS256”,
“kid”: “HlC0R12skxNZ1WQwmjOF_6t_tDE”
}.{
“aud”: “1abed652-a82d-4f81-b813-5018232fcaa8”,
“iss”: “https://login.microsoftonline.com/3ec31dbb-6f03-4141-a210-63354b279757/v2.0”,
“iat”: 1581591215,
“nbf”: 1581591215,
“exp”: 1581595115,
“acct”: 0,
“aio”: “ATQAy/8OAAAAGBGEpBylxNQpgormBkzkgS5rubTguO1oOe95y5r7if/YsaZyyFVpka9N/j86ErB/”,
“family_name”: “Green”,
“given_name”: “Alice”,
“groups”: [
“1eab7446-2bec-4600-b359-ca6d5a1261af”
],
“ipaddr”: “194.2.202.85”,
“name”: “Alice Green”,
“oid”: “96bc219c-5361-43d0-96e9-f448259d4035”,
“preferred_username”: “alice@epidead.onmicrosoft.com”,
“roles”: [
“Writer”
],
“sub”: “Q5IqbVBjeZIUtkBs9yLm-Mg3nhobR_N2y1XC7Sn6HLU”,
“tid”: “3ec31dbb-6f03-4141-a210-63354b279757”,
“upn”: “alice@epidead.onmicrosoft.com”,
“uti”: “xa3Dy54x8kCoQg0ySoSSAA”,
“ver”: “2.0”
}.[Signature]