2

I have a REST client application and I want to be able to get an access token from the ADFS /token endpoint for that client. The client will be used by existing AD Users, and I want to get the Group Membership of the AD User in the access token.

How can I send my AD User Credentials to ADFS and get the AD Group Membership Info of that AD User in the access token as claims?

I know the solution for the case of "/authorize endpoint and entering the credentials in the login popup". What I am asking is how to do that with a client app where the credentials should be somehow encoded and sent to the ADFS /token endpoint.

EngelbertCoder

1 Answer

0

You should review https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios as that has details of the supported flows and samples for those scenarios.

What you are asking to do is the Resource owner password credential flow and is not recommended. https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/overview/ad-fs-openid-connect-oauth-flows-scenarios#resource-owner-password-credentials-grant-flow-not-recommended

maweeras
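For reference, the shape of the resource owner password credentials request named in the answer, and a way to inspect group claims in the returned token. This is an added example, not code from the question, the answer or Microsoft's samples. The host name, client ID, resource URI and the claim name `group` are placeholders, and it assumes the AD FS application is configured to emit group membership under that claim.

```python
import base64
import json
from urllib.parse import urlencode
from urllib.request import Request

# Placeholder host (assumption); /adfs/oauth2/token is the AD FS token endpoint.
TOKEN_URL = "https://adfs.example.com/adfs/oauth2/token"


def build_ropc_request(client_id, resource, username, password):
    """Build (not send) an RFC 6749 section 4.3 password-grant request."""
    form = {
        "grant_type": "password",
        "client_id": client_id,
        "resource": resource,
        "scope": "openid",
        "username": username,
        "password": password,
    }
    # Credentials are form-encoded into the POST body, never the URL.
    return Request(
        TOKEN_URL,
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def group_claims(access_token, claim="group"):
    """Read group claims from a JWT payload WITHOUT verifying the signature.
    For inspection only; the API that accepts the token must verify it."""
    payload = json.loads(_b64url_decode(access_token.split(".")[1]))
    value = payload.get(claim, [])
    # Handle both a single string value and a list of values.
    return [value] if isinstance(value, str) else list(value)


def make_sample_token(claims):
    """Constructed, unsigned token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."
```

Because the client handles the user's password directly in this flow, the request must only ever go over TLS to the AD FS host, and the password should not be logged or stored by the client.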