adal - Azure AD: How to get group information in token?
We have an application developed on the MEAN stack, using the adal-angular library for Azure AD authentication. Per the documentation and the sample, adal.js uses the OAuth implicit flow to communicate with Azure AD, so we must enable implicit flow for the application.

However, when we enable implicit flow, Azure AD does not include group information in the token. This issue has been discussed here in detail and confirmed by @vibronet.

Question

Azure AD functionality has been changing every day; are the above answers still valid? Do we still have to enable implicit flow for our application? We want the group information in the token (I don't want to use the Graph API solution).

Another reason I am asking this question is that I disabled implicit flow and the user is still able to access the application, and I still don't see group information in the token.
It is impossible without calling Graph from the BE (back end).

Here is the discussion: https://github.com/azuread/azure-activedirectory-library-for-js/issues/239

If the hasgroups claim doesn't exist in the id_token, the groups are in the id_token. If it exists, call Graph.

Example for the Azure AD 2.0 endpoint:

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using System.Web.Helpers;          // Json.Decode
using Microsoft.Identity.Client;

// Obtaining an access token from the id_token (on-behalf-of flow), then calling MS Graph.
public static async Task<List<string>> GetGroupObjectIdsAsync()
{
    var redirectUri  = "http://localhost";
    var authority    = @"https://login.microsoftonline.com/common/v2.0";
    var clientId     = "00000000-0000-0000-0000-000000000000";
    var userObjectId = "00000000-0000-0000-0000-000000000000"; // from the id_token (oid claim)
    var idToken      = "ey--";                                 // id token received from the JS side
    var appKey       = "client secret here";

    var cc  = new ClientCredential(appKey);
    var cca = new ConfidentialClientApplication(clientId, authority, redirectUri, cc, null, null);
    var ua  = new UserAssertion(idToken, "urn:ietf:params:oauth:grant-type:jwt-bearer");
    var authResult = await cca.AcquireTokenOnBehalfOfAsync(new[] { "user.read", "group.read.all" }, ua);
    // Make sure: one of these scopes is user-consented (should be requested from the front-end side),
    // the other is admin-consented.
    var accessToken = authResult.AccessToken;

    // ... and calling MS Graph
    var requestUrl = $"https://graph.microsoft.com/v1.0/users/{userObjectId}/getMemberGroups";

    // Prepare and make the POST request
    HttpResponseMessage response;
    using (var client = new HttpClient())
    {
        using (var request = new HttpRequestMessage(HttpMethod.Post, requestUrl))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            // securityEnabledOnly is a JSON boolean in the getMemberGroups request body
            var content = new StringContent("{\"securityEnabledOnly\": true}");
            content.Headers.ContentType = new MediaTypeHeaderValue("application/json");
            request.Content = content;
            response = await client.SendAsync(request);
        }
    }

    var groupObjectIds = new List<string>();
    // The endpoint returns a JSON array of group objectIds in "value"
    if (response.IsSuccessStatusCode)
    {
        var responseContent = await response.Content.ReadAsStringAsync();
        var groupsResult = Json.Decode(responseContent).value;
        foreach (string groupObjectId in groupsResult)
            groupObjectIds.Add(groupObjectId);
    }
    return groupObjectIds;
}
```
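As an added example (not part of the original question or answer, and not code from ADAL or Microsoft), the rule from the answer above applied on the MEAN back end in Node: decode the id_token payload, branch on the hasgroups claim, read groups from the token when they are there, and otherwise describe the same getMemberGroups request the C# answer makes. The unsigned sample tokens are constructed test fixtures; the `resolveGroups` helper takes an injected HTTP function so the Graph branch can be exercised offline. It assumes the id_token has already been validated (signature, issuer, audience, expiry) by the code that received it; this block only decodes it.

```javascript
// Added example, not from the original post. Assumes a validated Azure AD id_token in compact JWS form.

function base64UrlDecode(segment) {
  // JWT segments use base64url without padding: map the alphabet back and restore '='
  let b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  while (b64.length % 4 !== 0) b64 += '=';
  return Buffer.from(b64, 'base64').toString('utf8');
}

function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWS with 3 segments');
  return JSON.parse(base64UrlDecode(parts[1]));
}

// The answer's rule: no hasgroups claim -> groups are in the token; hasgroups present -> ask Graph.
function groupsFromIdToken(idToken) {
  const claims = decodeJwtPayload(idToken);
  // Azure AD emits hasgroups when the group list was too large to put in the token;
  // accept both the boolean and the string spelling of the claim
  const overage = claims.hasgroups === true || claims.hasgroups === 'true';
  if (overage) {
    return { source: 'graph', groups: null, userObjectId: claims.oid };
  }
  return {
    source: 'token',
    groups: Array.isArray(claims.groups) ? claims.groups : [],
    userObjectId: claims.oid,
  };
}

// Describes the Graph call from the C# answer without performing it, so this runs offline.
// accessToken must be a Graph access token for the user (the answer obtains it via on-behalf-of).
function graphGetMemberGroupsRequest(userObjectId, accessToken, securityEnabledOnly = true) {
  return {
    method: 'POST',
    url: `https://graph.microsoft.com/v1.0/users/${encodeURIComponent(userObjectId)}/getMemberGroups`,
    headers: { Authorization: `Bearer ${accessToken}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ securityEnabledOnly }),
  };
}

// fetchImpl(request) -> Promise<object> is the injected HTTP function (hypothetical helper name).
async function resolveGroups(idToken, accessToken, fetchImpl) {
  const r = groupsFromIdToken(idToken);
  if (r.source === 'token') return r.groups;
  const body = await fetchImpl(graphGetMemberGroupsRequest(r.userObjectId, accessToken));
  // getMemberGroups returns { "value": [ "<group objectId>", ... ] }
  return Array.isArray(body.value) ? body.value : [];
}

// Constructed test fixture: an unsigned token for local experiments only.
// Azure AD never issues alg "none"; a real id_token must be signature-checked before its claims are used.
function buildUnsignedToken(payload) {
  const enc = (o) =>
    Buffer.from(JSON.stringify(o)).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.`;
}

const SAMPLE_TOKEN_WITH_GROUPS = buildUnsignedToken({ oid: 'user-1', groups: ['group-a', 'group-b'] });
const SAMPLE_TOKEN_OVERAGE = buildUnsignedToken({ oid: 'user-2', hasgroups: 'true' });
```

Two points a practitioner should keep in mind: with the implicit flow the token travels in the URL fragment, so Azure AD switches to hasgroups at a much smaller group count than it does for tokens returned from the token endpoint, and a back end must never make an authorization decision on a `groups` claim it has merely decoded; validate the token first, or let Graph (called with a token obtained for the user) be the source of truth.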