Angular 2+中的Azure Graph/Microsoft Graph查询 [英] Azure Graph / Microsoft Graph queries in Angular 2+
问题描述
我想在Angular 5 Web App中从Azure Active Directory查询应用程序角色和组声明.我想授予管理员特殊权限/访问页面.我已经在Azure中注册了B2C应用程序,并在 https://apps.dev.microsoft.com ,并尝试使用MSAL.js通过Microsoft Graph查询数据.
I want to query application roles and group claims from Azure Active Directory in my Angular 5 Web App. I want to give admins special permissions / access to pages. I have a registered a B2C App in Azure and a Microsoft App at https://apps.dev.microsoft.com and have tried querying data via Microsoft Graph with the MSAL.js.
我使用B2C Web应用程序中的应用程序ID作为客户端ID,获取了令牌,然后调用了端点"数据以一个数组的形式返回,其中一个用户包含我的信息.当我查询组时,我得到一个空数组.我的应用程序现在有多个测试用户和几个组.
I used the Application ID from my B2C Web App as the clientID, acquired a token, and called to the endpoint "https://graph.microsoft.com/v1.0/users". The data returns as an array with one user with my information. When I query the groups I get an empty array. My app right now has multiple test users, and a few groups.
似乎我正在从Azure中提取与我的应用程序无关的数据.我在查询正确的数据源吗?我是否需要设置其他权限或范围?
我发现了一个帖子,其中包含有关团体声明的有用信息.我曾尝试将其应用于我的Angular应用程序,但.NET库似乎比Angular的更加充实.
I found a post that has useful info about group claims. I've tried applying it to my Angular App, but the .NET libraries seem more fleshed out than Angular's.
更多信息: 它没有帮助,但我尝试注册Active Directory应用程序,创建了两个API(Microsoft Graph和Windows Azure Active Directory),并为这两个API设置了必需的权限.我试图在MSAL.js中将该应用程序的应用程序ID与Azure Graph Api终结点" https://graph.windows.net一起使用",但不成功.我玩过图形浏览器,但是我最多能够查询的是那个用户.
More information: It wasn't helpful, but I played around with registering an Active Directory App, created two apis (Microsoft Graph and Windows Azure Active Directory) and set required permissions for both. I tried to use that app's Application ID in MSAL.js with the Azure Graph Api endpoint "https://graph.windows.net" which was unsuccessful. I have played around with using the Graph Explorer but the most I was able to query was that one user.
推荐答案
我重新阅读了在这里更详细地介绍了这一点和其他一些障碍.
I re-read this article about the Azure AD Graph API noticed that in order to query the Graphs, you need to use a user id that is local to your tenant’s domain and is an admin. When I created and used my tenant’s admin (from that domain), all of the queries worked. Also I needed the Directory.Read scope. I wrote in more detail about this and a few other road blocks I came upon here.
这篇关于Angular 2+中的Azure Graph/Microsoft Graph查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
