Partage via

OIDC Authentication - Roles Not Included in UserInfo Response

alaa mzoughi 0 Points de réputation
2025-01-28T14:26:48.07+00:00

Hello Azure Community,

We are currently facing an issue with our OIDC authentication setup in Azure AD, where user roles are not being returned in the UserInfo response.

What We Have Done So Far:

  • Configured App Roles under our Azure AD application and assigned them to users/groups.
  • Granted the following Microsoft Graph API permissions (Delegated):
    • Group.Read.All (Admin consent granted)
    • email
    • openid
    • User.Read
    • Verified that admin consent has been properly granted for all required permissions.
    • Tested the authentication flow, but roles do not appear in the UserInfo endpoint response.

Issue:

Even though roles are properly assigned in App Roles, they are not being returned when fetching user information via the /userinfo endpoint in the OIDC authentication flow.

Question:

  • How can we ensure that the roles assigned via App Roles are included in the OIDC UserInfo response?
  • Are there additional configurations needed to retrieve roles in the authentication token?
  • Has anyone successfully retrieved app roles in the OIDC UserInfo endpoint response, and if so, what was your approach?

I have attached screenshots of our App Roles and API permissions setup for reference.

Any guidance or insights from the community would be greatly appreciated!

Thanks in advanceScreenshot 2025-01-27 at 12.07.59

Screenshot 2025-01-27 at 13.31.22

image001 (3)

Azure
Azure
Plateforme et infrastructure de cloud computing pour la génération, le déploiement et la gestion d’applications et de services à travers un réseau mondial de centres de données gérés par Microsoft.
377 questions
0 commentaires

Votre réponse

Les réponses peuvent être marquées comme réponses acceptées par l’auteur de la question, ce qui aide les utilisateurs à savoir que la réponse a résolu le problème de l’auteur.