Implicit Grant flow and group membership within ID_TOKEN

Posted on 24 May 2017 by Stephane Eyskens

Hi,

I recently realized thanks to a colleague @MMeuree, that the ID_TOKEN that’s supposed to contain the group membership as shown below:

idtoken

does not list more than 4 groups (here I grabbed the token using another flow). So, if the user belongs to more than 4 groups, you’re going to see hasgroups: true as part of the token instead of the actual groups. This behavior is by design no matter what you specified in the App manifest with regards to the groupMembershipClaims attribute. So, the alternative is simply to query the Graph API.

Happy Coding!

About Stephane Eyskens

Office 365, Azure PaaS and SharePoint platform expert
This entry was posted in Azure, Azure Active Directory and tagged , , . Bookmark the permalink.

2 Responses to Implicit Grant flow and group membership within ID_TOKEN

  1. doaa says:
    20 January 2020 at 14 h 19 min

    How I can brong this list of groups where it is more than 4 from usinh angular

    Like

    Reply

Leave a comment