Table of Contents

Generating principal

While working locally you still want to test the different identities and possibly claims that are put on the identity in combination. The backend part of the identity system is relying on the following HTTP headers being set:

Header Description
x-ms-client-principal The token holding all the details, base64 encoded Microsoft Client Principal Data definition
x-ms-client-principal-id The unique identifier from the identity provider for the identity
x-ms-client-principal-name The name of the identity, typically resolved from claims within the token

Once these are set and the x-ms-client-principal is in the expected format, it will pass these onto your identity details provider.

The expected format needs to be according to the Microsoft Client Principal Data definition. To simulate users, all you have to do is generate the correct values and use an extension for your browser to set the HTTP request headers.

{
  "identityProvider": "aad",
  "userId": "e7f664ca-4ecc-45be-84cf-74b6240d049a",
  "userDetails": "jane@doe.io",
  "userRoles": ["anonymous", "authenticated"],
  "claims": [{
    "typ": "socialno",
    "val": "12345678901"
  }, {
    "typ": "surname",
    "val": "Doe"
  }, {
    "typ": "givenname",
    "val": "Jane"
  }]
}

Basically what you then need to do is generate something that matches that structure and Base64 encode it. If you're using VSCode, you could use an extension for doing the base 64 encoding. As an alternative, you could also use an online base64 encoder like this.

For the above structure that would become:

ewogICJpZGVudGl0eVByb3ZpZGVyIjogImFhZCIsCiAgInVzZXJJZCI6ICJlN2Y2NjRjYS00ZWNjLTQ1YmUtODRjZi03NGI2MjQwZDA0OWEiLAogICJ1c2VyRGV0YWlscyI6ICJqYW5lQGRvZS5pbyIsCiAgInVzZXJSb2xlcyI6IFsiYW5vbnltb3VzIiwgImF1dGhlbnRpY2F0ZWQiXSwKICAiY2xhaW1zIjogW3sKICAgICJ0eXAiOiAic29jaWFsbm8iLAogICAgInZhbCI6ICIxMjM0NTY3ODkwMSIKICB9LCB7CiAgICAidHlwIjogInN1cm5hbWUiLAogICAgInZhbCI6ICJEb2UiCiAgfSwgewogICAgInR5cCI6ICJnaXZlbm5hbWUiLAogICAgInZhbCI6ICJKYW5lIgogIH1dCn0K

From the terminal on a Unix based operating system you could also generate it:

echo "{\"claims\":[{\"typ\":\"socialno\",\"val\":\"1234568790\"}" |base64

Which would generate:

eyJjbGFpbXMiOlt7InR5cCI6InNvY2lhbG5vIiwidmFsIjoiMTIzNDU2ODc5MCJ9Cg==

ModHeader

Once you have the principal as base64 you can put it directly as a header for the request.

In your browser you can use an extension such as ModHeader. It allows you to setup headers that can be added to the request. Use this to add the expected headers. The x-ms-client-principal-id is often just a Guid or an identifier that the source identity provider identifies the person with. While the x-ms-client-principal-name is often just an email address for the person.

Important: For the x-ms-client-principal you want to paste the base64 generated generated value and add a = at the end. This will make sure the base64 string is valid.

Pro-tip: With ModHeader you can create profiles. This is super useful if you want to be testing with different users and easily just switch between them.