1

I am using the react-aad-msal module to integrate Microsoft SSO in my React application. I am able to redirect my user to the Microsoft login page, and after that it comes back to my page with a token. After that it only returns accountInfo, which contains the user name and email ID. I have a requirement to get other user details as well, like ID, first name, last name, group, etc.

Will all these details come through Azure AD MSAL, or do I need to make a Graph API call?

Below is my implementation

```javascript
// authProvider.js

import { MsalAuthProvider, LoginType } from 'react-aad-msal';
import { Logger, LogLevel } from "msal";

// Msal Configurations
const config = {
  auth: {
    authority: 'https://login.microsoftonline.com/*********',
    clientId: '*************',
    redirectUri: 'http://localhost:3000/'
  },
  // Enable logging of MSAL events for easier troubleshooting.
  // This should be disabled in production builds.
  system: {
    logger: new Logger(
      (logLevel, message, containsPii) => {
        console.log("[MSAL]", message);
      },
      {
        level: LogLevel.Verbose,
        piiLoggingEnabled: false
      }
    )
  },
  cache: {
    cacheLocation: "sessionStorage",
    storeAuthStateInCookie: true
  }
};

// Authentication Parameters
const authenticationParameters = {
  scopes: [
    'user.read',
    'profile',
    'openid'
    //'profile.read',
    // 'User.Read.All',
    // 'Group.Read.All',
    // 'User.ReadBasic.All',
    // 'Group.Read'
  ]
};

// Options
const options = {
  loginType: LoginType.Redirect,
  tokenRefreshUri: window.location.origin + '/auth.html'
};

export const authProvider = new MsalAuthProvider(config, authenticationParameters, options);
```

```jsx
// APP.js

<AzureAD provider={authProvider} forceLogin={false}>
  {(abc) => {
    console.log('>>>>>>>>>>>>...', abc);

    props.setAccountInfo(abc.accountInfo.account);
    return <AppRouter />
  }}
</AzureAD>
```

Here in abc I am getting the below information:


Please help me with this.

Puneet Bhandari

1 Answer

2

You need to configure the optional claims in the application token configuration for First Name, Last Name.


Please go through the documentation for more information

Regarding the group information please check this document

Raghavendra beldona
  • Raghavendra - thanks for your response. In these claims, is there a way to get User ID and Group as well? Because mainly I need these 2 attributes for the user. Also, will this information be available under the accountInfo property? – Puneet Bhandari Jul 24 '20 at 15:15
  • You can get the app roles by making changes in the app manifest. Please refer to the [document](https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#approles-attribute), and for security groups please refer to the [document](https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest#approles-attribute). In the token, 'oid' is the unique user ID across the tenant, and if a single user exists in multiple tenants, the user will contain a different object ID in each tenant. – Raghavendra beldona Jul 27 '20 at 19:59
  • Raghavendra - If I update the manifest file, will I be able to get app roles in accountInfo itself from Azure AD, or will I need to make a separate Graph API call? – Puneet Bhandari Aug 05 '20 at 07:47
  • With the manifest changes for app roles you will be able to get the roles information in the token. No need for a Graph API call. – Raghavendra beldona Aug 05 '20 at 07:52
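
Added example (not part of the original posts and not react-aad-msal's own code): once the optional claims, app roles and group claims discussed above are configured, they arrive in the ID token payload, and this code decodes a payload and picks out `oid`, `given_name`, `family_name`, `roles` and `groups`. The function names and the sample token are constructed for illustration. It goes one step beyond the thread by flagging the group overage case, where Azure AD replaces the `groups` claim with `hasgroups` or `_claim_names` and the group list has to be fetched from Graph.

```javascript
// Added example: read profile claims from an Azure AD ID token payload.
// Decoding is NOT validation: use the result for display only and enforce
// authorization on the server against a signature-verified token.
function decodeJwtPayload(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes)); // UTF-8 safe
}

function extractUserProfile(claims) {
  // Overage: "groups" is omitted when the list is too large and replaced by
  // "hasgroups" (implicit flow) or "_claim_names.groups" (other flows).
  const overage = claims.hasgroups === true ||
    Boolean(claims._claim_names && claims._claim_names.groups);
  return {
    userId: claims.oid || null,             // object ID, unique per tenant
    tenantId: claims.tid || null,
    firstName: claims.given_name || null,   // optional claim
    lastName: claims.family_name || null,   // optional claim
    email: claims.email || claims.preferred_username || null,
    roles: Array.isArray(claims.roles) ? claims.roles : [],    // app roles
    groups: Array.isArray(claims.groups) ? claims.groups : [],
    groupsNeedGraphLookup: overage,
  };
}

// Constructed sample token: placeholder signature, fake GUIDs and names.
const b64url = (o) => btoa(JSON.stringify(o))
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sampleIdToken = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({
    oid: '00000000-0000-0000-0000-000000000001',
    tid: '00000000-0000-0000-0000-0000000000aa',
    given_name: 'Ada', family_name: 'Example',
    preferred_username: 'ada@example.com',
    roles: ['Report.Reader'],
    hasgroups: true,
  }),
  'constructed-signature',
].join('.');

const profile = extractUserProfile(decodeJwtPayload(sampleIdToken));
console.log(profile);
```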