Reputation: 3453
I am using ng2-adal to integrate my Angular app with Azure AD login. My application should only be accessible to certain groups within my organization. Currently when I query the adal-service for user-info the jwt doesn't contain any groups information.
I figure I would query Microsoft Graph API to get /me/memberOf
info but I get Access denied
to this information and require an Admin to grant me permissions to view this data.
Is there any other way of getting this information or do I have to bug my IT dept to enable READ
permissions for groups?
Upvotes: 1
Views: 142
Reputation: 33124
I'm afraid so, anything that looks at Groups requires Admin Consent.
It certainly seems reasonable that you should be able to see your own membership (/me/memberOf
) with User.Read
. That said, I'm far from an information security expert there may good reasons for not allowing it.
Regardless, I would highly recommend adding this suggestion to the UserVoice. They do have
Upvotes: 2