staticwebdev / roles-function
Home Page: https://docs.microsoft.com/azure/static-web-apps/assign-roles-microsoft-graph
Hi!
We are using this solution for our template repo, and we have noticed some trouble with the role assignment. From within the same AD group, most users receive the custom role we defined, but a few don't. I believe the problem is caused by there being a max limit of 100 objects returned when calling the Graph API. After that, you have to use paging.
By playing around in the Graph Explorer, I tried modifying the JS code by instead calling const url = new URL(`https://graph.microsoft.com/v1.0/me/memberOf/${groupId}`);, hoping that the API would only return the relevant object. This worked in the Graph Explorer, but unfortunately did not solve the issue for my users.
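The paging problem described in this issue, as an added example that is not the roles-function repo's own code: the function walks every page of /me/memberOf by following "@odata.nextLink" until it is absent, keeps only group objects (memberOf also returns directoryRole and administrativeUnit objects), and then maps group ids to custom roles. The group ids in roleGroupMappings are placeholders, the fetch implementation is injected so the block runs offline against a constructed two-page fake Graph, and the token is assumed to arrive the way the tutorial's function receives it.

```javascript
// Added example (not the roles-function repo's own code): resolve a user's custom roles
// from the groups returned by Microsoft Graph, following every "@odata.nextLink" page.
// Graph returns at most 100 directory objects per page of /me/memberOf by default, so a
// user whose relevant group lands on page 2 gets no role if only the first page is read.
// The group ids in roleGroupMappings are placeholders (assumption), as in the tutorial.

const roleGroupMappings = {
  admin: "11111111-1111-1111-1111-111111111111",
  reader: "22222222-2222-2222-2222-222222222222",
};

// Collect the ids of every group the signed-in user belongs to, across all pages.
// fetchImpl is injected so the same code runs against the fake Graph below.
async function getAllGroupIds(accessToken, fetchImpl = fetch) {
  const ids = new Set();
  let url = "https://graph.microsoft.com/v1.0/me/memberOf";
  let pages = 0;
  while (url) {
    // Guard against a nextLink that never terminates.
    if (++pages > 50) throw new Error("memberOf paging did not terminate");
    const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${accessToken}` } });
    if (!res.ok) throw new Error(`Graph returned HTTP ${res.status}`);
    const body = await res.json();
    for (const obj of body.value || []) {
      // memberOf also lists directoryRole and administrativeUnit objects; only groups map to roles.
      if (obj["@odata.type"] === "#microsoft.graph.group") ids.add(obj.id);
    }
    url = body["@odata.nextLink"] || null; // absent on the last page
  }
  return ids;
}

// Map group membership to the custom roles Static Web Apps will attach to the user.
async function getUserRoles(accessToken, fetchImpl = fetch) {
  const groupIds = await getAllGroupIds(accessToken, fetchImpl);
  return Object.entries(roleGroupMappings)
    .filter(([, groupId]) => groupIds.has(groupId))
    .map(([role]) => role);
}

// Constructed fake Graph for offline use: 100 unrelated groups on page 1, the admin
// group only on page 2, and the reader id present only as a directoryRole (ignored).
function fakeGraphFetch(url) {
  const page1 = {
    value: Array.from({ length: 100 }, (_, i) => ({
      "@odata.type": "#microsoft.graph.group",
      id: `aaaaaaaa-0000-0000-0000-${String(i).padStart(12, "0")}`,
    })),
    "@odata.nextLink": "https://graph.microsoft.com/v1.0/me/memberOf?$skiptoken=page2",
  };
  const page2 = {
    value: [
      { "@odata.type": "#microsoft.graph.group", id: roleGroupMappings.admin },
      { "@odata.type": "#microsoft.graph.directoryRole", id: roleGroupMappings.reader },
    ],
  };
  const body = url.includes("skiptoken=page2") ? page2 : page1;
  return Promise.resolve({ ok: true, status: 200, json: async () => body });
}

// Demo run against the fake Graph: prints {"roles":["admin"]}
getUserRoles("fake-access-token", fakeGraphFetch).then((roles) =>
  console.log(JSON.stringify({ roles })),
);
```

Reading only the first page is the failure mode the issue describes: with the fake data above, the admin group sits on page 2, so a single-page implementation returns no custom role for that user. If you would rather not page at all, Graph's POST /me/checkMemberGroups endpoint takes the list of candidate group ids (up to 20 per call) and returns the subset the user belongs to, which avoids the page-size limit entirely.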
In the JS example the accessToken is pulled from req.body.accessToken.
In C# the req.Body is a Stream which is empty every time I try to read from it.
I have used the auth as part of my staticwebapp.config.json and added GetRoles to my api folder. I have done all the setup on Azure as well. I have a Falcon project which I can log in to (authorized) with the strategy explained here: https://docs.microsoft.com/en-us/azure/static-web-apps/assign-roles-microsoft-graph.
But I cannot get authenticated! /.auth/me only returns the default roles; none of the roles I defined in GetRoles/index.js under roleGroupMappings are picked up!
Hi,
I am hosting the back end in an Azure app container. I'm trying to host the get roles API there too.
Is that possible?
I tried with both v1 and v2 versions of the config for Azure Active Directory (see below) but I always get an empty request body.
I'm receiving an empty req.body. Do you know if it is possible?
Is it related to this?
Azure/static-web-apps#988
"auth": {
  "rolesSource": "/api/getroles",
  "identityProviders": {
    "azureActiveDirectory": {
      "registration": {
        "openIdIssuer": "https://login.microsoftonline.com/<tenantid>/v2.0",
        "clientIdSettingName": "AZURE_CLIENT_ID",
        "clientSecretSettingName": "AZURE_CLIENT_SECRET"
      },
      "login": {
        "loginParameters": [
          "scope=openid profile email https://graph.microsoft.com/User.Read"
        ]
      }
    }
  }
}
and
"auth": {
  "rolesSource": "/api/getroles",
  "identityProviders": {
    "azureActiveDirectory": {
      "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "registration": {
        "openIdIssuer": "https://login.microsoftonline.com/<tenantid>",
        "clientIdSettingName": "AZURE_CLIENT_ID",
        "clientSecretSettingName": "AZURE_CLIENT_SECRET"
      },
      "login": {
        "loginParameters": [
          "resource=https://graph.microsoft.com"
        ]
      }
    }
  }
},
The example in the tutorial and this repo use the OpenID 1.0 protocol, with high-level access to resources. As MS now recommends using the newer version, can this tutorial be updated to reflect this?
I ask because I've not been able to get this to work successfully.
"auth": {
  "rolesSource": "/api/getRoles",
  "identityProviders": {
    "azureActiveDirectory": {
      "userDetailsClaim": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
      "registration": {
        "openIdIssuer": "https://login.microsoftonline.com/[TENANT_ID]/v2.0",
        "clientIdSettingName": "AAD_CLIENT_ID",
        "clientSecretSettingName": "AAD_CLIENT_SECRET"
      },
      "login": {
        "loginParameters": [
          "scope=https%3A%2F%2Fgraph.microsoft.com%2Fopenid%20https%3A%2F%2Fgraph.microsoft.com%2Fprofile"
        ]
      }
    }
  }
}
A request like this, moving to the v2 openIdIssuer and swapping the loginParameters from resource to scope, gives me a 403, and I am unable to log in to the application as it doesn't have an email.
Is there a way to get this to work?