堆栈内存溢出
  简体   繁体   English

通过 Laravel azure ad oauth 从 Azure AD 获取用户角色

[英]Get the user role from Azure AD by Laravel azure ad oauth

 原文  2020-02-19 06:10:30       php/ laravel/ azure/ oauth/ azure-active-directory

问题描述

I am trying to get the role form Azure AD by using metrogistics/laravel-azure-ad-oauth socialiate plugin.我正在尝试使用 Metrogistics/laravel-azure-ad-oauth socialiate 插件从 Azure AD 中获取角色。

I got the name and email and azure_id from the Azure.我从 Azure 获得了姓名、电子邮件和 azure_id。 But I can't get the user role.但我无法获得用户角色。

user: array:12 [
    "@odata.context" => "https://graph.microsoft.com/v1.0/$metadata#users/$entity"
    "businessPhones" => []
    "displayName" => "Test4"
    "givenName" => "Test4"
    "jobTitle" => null
    "mail" => null
    "mobilePhone" => null
    "officeLocation" => null
    "preferredLanguage" => null
    "surname" => null
    "userPrincipalName" => "test4@xyz.com"
    "id" => "xyz"
  ]

It is possible to get the role from Azure.可以从 Azure 获取角色。 My setup :我的设置:

image1 image2 image3图像1图像2图像3

2 个解决方案

解决方案1
 0  2020-02-21 01:33:16

According to my research, the defined AppRole will be returned in id_token.根据我的研究,定义的 AppRole 将在 id_token 中返回。 For more details, please refer to the official documentation and the document更多详情请参考官方文档文档

在此处输入图片说明

Regarding how to get the user's id token, you can use Azure AD OAuth 2.0 authorization code flow to implement it.关于如何获取用户的id token,可以使用Azure AD OAuth 2.0授权码流来实现。 Here I use postman to acquire access_token and id_token:这里我使用postman获取access_token和id_token:

在此处输入图片说明

And then I can get the id_token然后我可以得到 id_token

在此处输入图片说明

By analyzing the id token, you can get the role of the user:通过分析id token,可以得到用户的角色:

在此处输入图片说明

Update更新

Regarding how to assign app role to user, please refer to the following steps关于如何为用户分配应用角色,请参考以下步骤

  1. Declare app roles声明应用角色在此处输入图片说明 在此处输入图片说明

  2. Assign role to user为用户分配角色

    a.一种。 In the Azure Active Directory pane, select Enterprise applications from the Azure Active Directory left-hand navigation menu.Azure Active Directory窗格中,从 Azure Active Directory 左侧导航菜单中选择企业应用程序

    b.Select All applications to view a list of all your applications.选择所有应用程序以查看所有应用程序的列表。 If you do not see the application you want show up here, use the various filters at the top of the All applications list to restrict the list or scroll down the list to locate your application.如果您没有在此处看到想要显示的应用程序,请使用“所有应用程序”列表顶部的各种过滤器来限制列表或向下滚动列表以找到您的应用程序。

    c. C。 assign role分配角色在此处输入图片说明

解决方案2
 0  2020-02-21 23:42:33

What you have is an app role , and as the name suggests, they belong to an application.您拥有的是一个应用程序角色,顾名思义,它们属于一个应用程序。 Merely seeking a user's object from Microsoft Graph wouldn't provide those.仅仅从 Microsoft Graph 中寻找用户的对象不会提供这些。

And yes, as indicated in another answer, they will be provided to the application in an id_token after the user sign's in.是的,如另一个答案所示,它们将在用户登录后以 id_token 的形式提供给应用程序。

To fetch those independently of an app, use the Get appRoleAssignment Api.要独立于应用程序获取这些内容,请使用Get appRoleAssignment Api。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Microsoft Azure AD oauth标识用户的角色和用户所属的组(组织单位) - Microsoft Azure AD oauth identify user's role and group (orgunit) which user belong to Laravel 和 Azure 广告 SSO - Laravel and Azure ad SSO 在PHP中获取Azure AD用户角色 - Get Azure AD User Roles In PHP 如何获取已登录用户的Azure AD访问令牌? - How to get Azure AD access token for already logged in user? 适用于Azure AD租户/用户数的PHP Api - PHP Api for Azure AD tenant/User Count 按租户和应用 ID 创建 Azure AD 用户 - Create Azure AD user by tenant and app ID 在 php 中获取 azure 广告登录用户名 - get azure ad login username in php 在Azure上进行AD / Windows身份验证 - AD / Windows authentication on Azure Microsoft Azure AD筛选 - Microsoft Azure AD Filtering Azure AD OAuth访问令牌请求::: 400-错误请求 - Azure AD OAuth Access Token Request ::: 400 - Bad Request
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM