Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How do you read Roles/Permissions using MSAL-ANGULAR

Tags:

permissions

angular

roles

azure-active-directory

msal

So I've successfully integrated Azure AD authentication in my angular site as per the instructions in msal-angular and now I'm at the point where I'm looking to define and leverage roles and permissions to provide more granular control of what a user can and can't do.

From what I've been able to determine I can define roles by following this set of instructions (https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles) but msal-angular doesn't seem to expose this upon logging in - or at least I haven't found instructions on how to do this just yet.

Perhaps I'm missing something. Any suggestions would be appreciated

like image 969
schlock Avatar asked May 08 '19 12:05

schlock

People also ask

How does Msal Guard work?

Protecting the Profile route means that even if a user does not sign in using the Login button, if they try to access the Profile route or click the Profile button, the MsalGuard will prompt the user to authenticate via popup or redirect before showing the Profile page.

How do I define a role in an Azure AD?

Search for and select Azure Active Directory. Under Manage, select App registrations, and then select the application you want to define app roles in. Select App roles, and then select Create app role. In the Create app role pane, enter the settings for the role.

What does Msal interceptor do?

MSAL Angular provides an Interceptor class that automatically acquires tokens for outgoing requests that use the Angular http client to known protected resources. This doc provides more information about the configuring and using the MsalInterceptor .

1 Answers

To get the groups a user belongs to, you will need to add directory.read.all to your scope in your Angular app and also in the API permissions in the Azure app settings.

let graphUser = await graphClient.api('/me').get();
let graphUserGroups = await graphClient.api(`/users/${graphUser.id}/memberOf`).get();

let user = new User();
user.id = graphUser.id;
user.displayName = graphUser.displayName;
// Prefer the mail property, but fall back to userPrincipalName
user.email = graphUser.mail || graphUser.userPrincipalName;

graphUserGroups.value.forEach(group => {
    user.groups.push({
        group_id: group.id,
        group_name: group.displayName
    });
});
like image 109
stillatmylinux Avatar answered Sep 20 '22 20:09

stillatmylinux
Sign in to Comment

Related questions

Verify if an input checkbox is checked in Angular2
Angular6 pass data to ng-template
How to slice numbers from last index using angular pipe?
Angular 6 zip is deprecated: resultSelector is no longer supported, pipe to map instead
Angular CDK Drag and Drop: Cancel drag-action
Dynamic Template in Component Angular 6
Karma Test With angular 6
How to get text width and height inside a TextArea in HTML using JavaScript?
Nativescript gradle build fails with "resource xml/network_security_config not found"
What is "const {next, error} = observer" syntax?
httpclient response is null when API returns a 204 status code
Angular Font Awesome in a component library - FontAwesome: Could not find icon with iconName=times and prefix=fas
Angular elements as native form control in reactive form
Angular 7 HTTP GET send JSON object as a parameter
How to use types with dynamic imports?
Angular 5 - Promise vs Observable - performance context
Angular 6: How to highlight element on navbar depending on scroll?
Text Color for different status Angular 6
How do I format cells in workbook produced by xlsx package under Angular
Scrolling to top in angular after route change and new component loads not working

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!