I have a system where the client is using the Azure CLI token to do AA against a service. The service parses the JWT bearer token sent in the Authorization header by the client.
The server then checks the group membership to see what groups the client is a part of.
The problem is that if the user is added to or removed from a group, they need to log out and back in again to have their local CLI include the group membership changes.
Anyone know of an Azure endpoint I could call from the server to get the current group membership? Or anything to call on the CLI to get a new token with the updated group memberships?
You can hit the MS Graph API using the az cli access token to get the latest group memberships of a user on the service side.
This is the endpoint to hit - https://graph.microsoft.com/v1.0/me/transitiveMemberOf/microsoft.graph.group?$count=true&$select=displayName
Make sure to pass an access token with Graph as the resource - az account get-access-token --resource-type ms-graph
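To make the answer above concrete, here is an added example (not code from the original post) of the service-side logic: it calls the transitiveMemberOf endpoint with a Graph-scoped token, walks the paged response via @odata.nextLink, and then diffs the live membership against the (possibly stale) `groups` claim from the bearer token the client presented. It assumes the Graph token was obtained as the answer describes (the `accessToken` field of `az account get-access-token --resource-type ms-graph`); the token value, group ids and group names in the sample pages are constructed so the example runs offline. Two things the paragraph does not spell out: `$count=true` is an advanced query and Graph rejects it without the `ConsistencyLevel: eventual` header, and the `groups` claim in an Entra ID token carries group object ids, so `id` has to be selected alongside `displayName` to compare the two.

```python
"""Fetch a user's current transitive group membership from Microsoft Graph
and compare it with the possibly stale 'groups' claim in a bearer token.
Added example for this thread; not code from the original post."""
import json
import urllib.request
from typing import Callable, Iterable

# Endpoint from the answer, with 'id' added so results can be matched
# against the object ids found in a token's 'groups' claim.
GRAPH_URL = ("https://graph.microsoft.com/v1.0/me/transitiveMemberOf/"
             "microsoft.graph.group?$count=true&$select=displayName,id")


def graph_fetch(url: str, token: str) -> dict:
    """Real fetcher: GET a Graph URL with a Graph-scoped bearer token.
    The token must have Graph as its audience (az account get-access-token
    --resource-type ms-graph); a token minted for your own API will be rejected.
    $count=true is an advanced query and requires ConsistencyLevel: eventual."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "ConsistencyLevel": "eventual",
        "Accept": "application/json",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def current_groups(token: str,
                   fetch: Callable[[str, str], dict] = graph_fetch) -> dict:
    """Follow every @odata.nextLink page and return {group id: displayName}.
    Graph pages large collections, so stopping after the first page would
    silently drop memberships."""
    groups = {}
    url = GRAPH_URL
    while url:
        page = fetch(url, token)
        for g in page.get("value", []):
            groups[g["id"]] = g.get("displayName")
        url = page.get("@odata.nextLink")
    return groups


def membership_drift(token_groups: Iterable[str], live_groups: dict) -> dict:
    """Diff the token's 'groups' claim (object ids) against live membership.
    'added' = groups the user is in now but the token does not show;
    'removed' = groups the token still claims but the user has left."""
    claimed = set(token_groups)
    live = set(live_groups)
    return {"added": sorted(live - claimed), "removed": sorted(claimed - live)}


# Constructed sample: two pages of Graph output standing in for the network.
_PAGE2 = GRAPH_URL + "&$skiptoken=constructed-page2"
SAMPLE_PAGES = {
    GRAPH_URL: {
        "@odata.count": 3,
        "value": [{"id": "g-111", "displayName": "svc-readers"},
                  {"id": "g-222", "displayName": "svc-writers"}],
        "@odata.nextLink": _PAGE2,
    },
    _PAGE2: {
        "value": [{"id": "g-333", "displayName": "svc-admins"}],
    },
}


def fake_fetch(url: str, token: str) -> dict:
    """Offline stand-in for graph_fetch, serving the constructed pages."""
    return SAMPLE_PAGES[url]


def demo() -> dict:
    """Run the comparison with constructed data: the token was issued before
    the user was added to svc-writers/svc-admins and removed from g-999."""
    live = current_groups("constructed-graph-token", fetch=fake_fetch)
    stale_claim = ["g-111", "g-999"]   # constructed 'groups' claim
    return membership_drift(stale_claim, live)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In production the service should still validate the bearer token it received (signature, issuer, audience, expiry) before trusting its `sub`/`oid`, and only use the Graph lookup to refresh the authorization decision; `membership_drift` is handy for logging when a cached token and the directory disagree, which is exactly the staleness the question describes.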