如何使用MSAL-ANGULAR阅读角色/权限 [英] How do you read Roles/Permissions using MSAL-ANGULAR
问题描述
因此,我已经按照msal-angular中的说明成功地将Azure AD身份验证集成到我的角度站点中,现在我正要定义和利用角色和权限以提供更精细的控制权用户可以做什么和不能做什么.
So I've successfully integrated Azure AD authentication in my angular site as per the instructions in msal-angular and now I'm at the point where I'm looking to define and leverage roles and permissions to provide more granular control of what a user can and can't do.
From what I've been able to determine I can define roles by following this set of instructions (https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles) but msal-angular doesn't seem to expose this upon logging in - or at least I haven't found instructions on how to do this just yet.
也许我错过了一些东西.任何建议将不胜感激
Perhaps I'm missing something. Any suggestions would be appreciated
推荐答案
要获取用户所属的组,您需要将directory.read.all
添加到Angular应用程序中的范围以及Azure中的API权限中应用程序设置.
To get the groups a user belongs to, you will need to add directory.read.all
to your scope in your Angular app and also in the API permissions in the Azure app settings.
let graphUser = await graphClient.api('/me').get();
let graphUserGroups = await graphClient.api(`/users/${graphUser.id}/memberOf`).get();
let user = new User();
user.id = graphUser.id;
user.displayName = graphUser.displayName;
// Prefer the mail property, but fall back to userPrincipalName
user.email = graphUser.mail || graphUser.userPrincipalName;
graphUserGroups.value.forEach(group => {
user.groups.push({
group_id: group.id,
group_name: group.displayName
});
});
这篇关于如何使用MSAL-ANGULAR阅读角色/权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!