stackoom
  简体   繁体   中英

Get the user role from Azure AD by Laravel azure ad oauth

 原文  2020-02-19 06:10:30       php/ laravel/ azure/ oauth/ azure-active-directory

Question

I am trying to get the role form Azure AD by using metrogistics/laravel-azure-ad-oauth socialiate plugin.

I got the name and email and azure_id from the Azure. But I can't get the user role.

user: array:12 [
    "@odata.context" => "https://graph.microsoft.com/v1.0/$metadata#users/$entity"
    "businessPhones" => []
    "displayName" => "Test4"
    "givenName" => "Test4"
    "jobTitle" => null
    "mail" => null
    "mobilePhone" => null
    "officeLocation" => null
    "preferredLanguage" => null
    "surname" => null
    "userPrincipalName" => "test4@xyz.com"
    "id" => "xyz"
  ]

It is possible to get the role from Azure. My setup :

image1 image2 image3

2 answers

solution1
 0  2020-02-21 01:33:16

According to my research, the defined AppRole will be returned in id_token. For more details, please refer to the official documentation and the document

在此处输入图片说明

Regarding how to get the user's id token, you can use Azure AD OAuth 2.0 authorization code flow to implement it. Here I use postman to acquire access_token and id_token:

在此处输入图片说明

And then I can get the id_token

在此处输入图片说明

By analyzing the id token, you can get the role of the user:

在此处输入图片说明

Update

Regarding how to assign app role to user, please refer to the following steps

  1. Declare app roles在此处输入图片说明 在此处输入图片说明

  2. Assign role to user

    a. In the Azure Active Directory pane, select Enterprise applications from the Azure Active Directory left-hand navigation menu.

    b.Select All applications to view a list of all your applications. If you do not see the application you want show up here, use the various filters at the top of the All applications list to restrict the list or scroll down the list to locate your application.

    c. assign role在此处输入图片说明

solution2
 0  2020-02-21 23:42:33

What you have is an app role , and as the name suggests, they belong to an application. Merely seeking a user's object from Microsoft Graph wouldn't provide those.

And yes, as indicated in another answer, they will be provided to the application in an id_token after the user sign's in.

To fetch those independently of an app, use the Get appRoleAssignment Api.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Microsoft Azure AD oauth identify user's role and group (orgunit) which user belong to Laravel and Azure ad SSO Get Azure AD User Roles In PHP How to get Azure AD access token for already logged in user? PHP Api for Azure AD tenant/User Count Create Azure AD user by tenant and app ID get azure ad login username in php AD / Windows authentication on Azure Microsoft Azure AD Filtering Azure AD OAuth Access Token Request ::: 400 - Bad Request
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM