Azure AD can be configured to provide roles and group membership information as part of the OpenID Connect ID tokens (encoded as JWTs) it returns during the auth flow. It doesn't look like the NextAuth Azure AD provider supports reading these claims from the ID token, but it looks like you can configure a custom provider instead that has access to the ID token. You'll probably have to play around with the options a bit, but it looks like setting idToken: true should make the claims from the ID token available in the profile function you define in the NextAuth custom provider.
See also the Azure AD ID token claims reference for fields you can expect to see in the decoded ID token, as well as this ASP.NET example that talks about how to configure Azure to provide the roles/group membership info in its ID tokens.
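The custom-provider approach described in the answer above, as an added example that is not part of the original post or of NextAuth itself: a NextAuth-style OAuth provider object with idToken: true whose profile function maps the roles and groups claims of the (already signature-verified) Azure AD ID token onto the user object. The env var names, the provider id and the sample claims are assumptions; the JWT helpers are constructed here so the mapping can be exercised offline.

```javascript
// Added example, not from the original answer: a NextAuth-style custom OAuth
// provider for Azure AD that reads `roles` and `groups` from the ID token.
// Assumed env var names: AZURE_AD_TENANT_ID, AZURE_AD_CLIENT_ID, AZURE_AD_CLIENT_SECRET.
const TENANT_ID = process.env.AZURE_AD_TENANT_ID || "<tenant-id-placeholder>";
// Base64url-decode the payload segment of a JWT. This does NOT verify the
// signature; NextAuth's OIDC client validates the ID token before profile()
// runs, so only use this on tokens that have already been verified.
function decodeJwtPayload(idToken) {
  const segments = idToken.split(".");
  if (segments.length !== 3) throw new Error("not a compact JWS");
  const b64 = segments[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}
// Map verified ID-token claims to the NextAuth user object. `roles` come from
// app roles assigned in Azure AD; `groups` from the optional groups claim.
// Azure AD signals a group overage (too many groups to embed) with
// `_claim_names.groups` or `hasgroups`; treat that as "unknown", not "none".
function profileFromIdToken(claims) {
  const overage = Boolean(claims.hasgroups) ||
    Boolean(claims._claim_names && claims._claim_names.groups);
  return {
    id: claims.oid || claims.sub,
    name: claims.name,
    email: claims.preferred_username || claims.email,
    roles: Array.isArray(claims.roles) ? claims.roles : [],
    groups: overage ? null : (Array.isArray(claims.groups) ? claims.groups : []),
    groupOverage: overage,
  };
}
// Custom provider object in the shape NextAuth v4 expects (assumed id/name).
const azureAdWithClaims = {
  id: "azure-ad-claims",
  name: "Azure AD (ID-token claims)",
  type: "oauth",
  wellKnown: `https://login.microsoftonline.com/${TENANT_ID}/v2.0/.well-known/openid-configuration`,
  authorization: { params: { scope: "openid profile email" } },
  idToken: true, // profile() receives the decoded ID-token claims
  clientId: process.env.AZURE_AD_CLIENT_ID,
  clientSecret: process.env.AZURE_AD_CLIENT_SECRET,
  profile: profileFromIdToken,
};
// Constructed sample token (fake signature) so the mapping can be exercised offline.
function buildSampleIdToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.fakesig`;
}
```

Whatever profile() returns is what your session/jwt callbacks see, so copy roles and groups into the session token there and make authorization decisions against those server-side values rather than anything the client sends back.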