adal - Azure AD: How to get group information in token?


We have an application developed on the MEAN stack, using the adal-angular library for Azure AD authentication. Per the documentation and sample:

adal.js uses the OAuth implicit flow to communicate with Azure AD. You must enable the implicit flow for the application.

However, when you enable the implicit flow, Azure AD does not include group information in the token. This issue has been discussed here in detail and confirmed by @vibronet.

Question
Azure AD functionality has been changing every day; are the above answers still valid? Do we still have to enable the implicit flow for our application? I want the group information in the token (I don't want to use the Graph API solution).

Another reason for asking this question is that after I disabled the implicit flow, the user was still able to access the application, and I still don't see group information in the token.

It is impossible without calling Graph.

Here is the discussion: https://github.com/azuread/azure-activedirectory-library-for-js/issues/239

If the hasgroups claim doesn't exist in the id_token, the groups are in the id_token. If it exists, call Graph.

Example for the Azure AD 2.0 endpoint:

    using System;
    using System.Collections.Generic;
    using System.Net.Http;
    using System.Net.Http.Headers;
    using System.Threading.Tasks;
    using System.Web.Helpers;          // Json.Decode
    using Microsoft.Identity.Client;   // MSAL (1.x API used here)
    ...
    // Obtaining an access token from the id_token (on-behalf-of flow)...
    public async Task<List<string>> GetGroupObjectIdsAsync()
    {
        var redirectUri = "http://localhost";
        var authority = @"https://login.microsoftonline.com/common/v2.0";
        var clientId = "00000000-0000-0000-0000-000000000000";
        var userObjectId = "00000000-0000-0000-0000-000000000000"; // from the id_token (oid claim)
        var idToken = "ey-- id token from the JS side";
        var appKey = "client secret here";

        var cc = new ClientCredential(appKey);
        var cca = new ConfidentialClientApplication(clientId, authority, redirectUri, cc, null, null);
        var ua = new UserAssertion(idToken, "urn:ietf:params:oauth:grant-type:jwt-bearer");
        // Make sure both scopes are consented: User.Read is user-consented (should be
        // requested from the frontend side), Group.Read.All needs admin consent.
        var authResult = await cca.AcquireTokenOnBehalfOfAsync(new[] { "User.Read", "Group.Read.All" }, ua);
        var accessToken = authResult.AccessToken;

        // ... and calling MS Graph...
        var requestUrl = $"https://graph.microsoft.com/v1.0/users/{userObjectId}/getMemberGroups";

        // Prepare and make the POST request
        HttpResponseMessage response;
        using (var client = new HttpClient())
        using (var request = new HttpRequestMessage(HttpMethod.Post, requestUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var content = new StringContent("{\"securityEnabledOnly\": true}");
            content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            request.Content = content;
            response = await client.SendAsync(request);
        }

        var groupObjectIds = new List<string>();

        // The endpoint returns a JSON array of group objectIds in "value"
        if (response.IsSuccessStatusCode)
        {
            var responseContent = await response.Content.ReadAsStringAsync();
            var groupsResult = Json.Decode(responseContent).value;
            foreach (string groupObjectId in groupsResult)
                groupObjectIds.Add(groupObjectId);
        }

        return groupObjectIds;
    }
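The client-side half of the rule in the answer (read the groups claim from the id_token when it is there, fall back to Graph when Azure AD emitted hasgroups instead) as an added Node.js example; this is not code from the answer or from adal.js, and the sample tokens are constructed, unsigned placeholders. It assumes the id_token signature has already been validated by adal.js or the backend; this code only inspects the payload.

```javascript
// Added example (not from the original post or adal.js): inspect an Azure AD
// id_token payload and decide whether group membership can be read from the
// token or must be fetched from Microsoft Graph. Assumes the signature was
// validated elsewhere; this only parses the payload.

function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  return Buffer.from(padded, 'base64').toString('utf8');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// { source: 'token', groups: [...] } when the groups claim is present;
// { source: 'graph', groups: null } when Azure AD emitted hasgroups instead,
// meaning a Graph call such as /users/{id}/getMemberGroups is required.
function resolveGroups(idToken) {
  const claims = decodeJwtPayload(idToken);
  if (Array.isArray(claims.groups)) {
    return { source: 'token', groups: claims.groups };
  }
  if (claims.hasgroups === true || claims.hasgroups === 'true') {
    return { source: 'graph', groups: null };
  }
  return { source: 'token', groups: [] }; // user is in no groups
}

// Constructed sample tokens (alg "none", placeholder GUIDs) for a local run.
function makeUnsignedToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

const TOKEN_WITH_GROUPS = makeUnsignedToken({
  oid: '00000000-0000-0000-0000-000000000000',
  groups: ['11111111-1111-1111-1111-111111111111', '22222222-2222-2222-2222-222222222222'],
});
const TOKEN_WITH_HASGROUPS = makeUnsignedToken({
  oid: '00000000-0000-0000-0000-000000000000',
  hasgroups: true,
});

console.log(resolveGroups(TOKEN_WITH_GROUPS));    // source 'token', 2 groups
console.log(resolveGroups(TOKEN_WITH_HASGROUPS)); // source 'graph', groups null
```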
