Reputation: 664
I have created an Azure Web App using PHP. I enabled AAD Authentication, and got it all worked out where you have to login as a company user to access the site.
Then I created new App Roles using the App Registration --> Manifest. I have assigned myself that role, logged off, and back on, and within the $_SERVER variable I cannot find any reference to that role. I can find my username, tokens, principle_id, etc. but nothing referencing the AppRole I just created.
My question is, how do I get the App Roles that the logged in user is assigned? The only documentation I find on this is for .net or really old Azure classic stuff.
Any ideas?
Upvotes: 0
Views: 1168
Reputation: 5549
Based on the official documentation, the defined AppRole will be returned in id_token.
To get user's id_token, you can use Azure AD OAuth 2.0 authorization code flow, and add openid to scope. Here I use postman to acquire access_token and id_token:
And then I can get the id_token
By analyzing the id token, you can get the role of the user:
Upvotes: 1
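Reading the roles claim out of the id_token in PHP, as an added example that is not part of the answer above. It assumes the token reaches the app already validated by App Service authentication in the X-MS-TOKEN-AAD-ID-TOKEN request header, and the client ID and the "Admin" role value are placeholders.

```php
<?php
// Added example: extract the "roles" claim from an Azure AD id_token.
// Base64 decoding proves nothing about who issued the token; rely on this only
// when the token was already validated upstream (here: App Service authentication).

function base64UrlDecode(string $data): string
{
    $padded = strtr($data, '-_', '+/');
    $padded .= str_repeat('=', (4 - strlen($padded) % 4) % 4);
    $decoded = base64_decode($padded, true);
    if ($decoded === false) {
        throw new InvalidArgumentException('Invalid base64url segment');
    }
    return $decoded;
}

/** Return the claims (payload) of a JWT as an array, without verifying the signature. */
function jwtPayload(string $jwt): array
{
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        throw new InvalidArgumentException('Expected a 3-part JWT');
    }
    $claims = json_decode(base64UrlDecode($parts[1]), true);
    if (!is_array($claims)) {
        throw new InvalidArgumentException('JWT payload is not a JSON object');
    }
    return $claims;
}

/** App roles assigned to the user, or [] when the "roles" claim is absent. */
function appRoles(array $claims, string $expectedAudience): array
{
    // A roles claim is only meaningful in a token minted for *this* application.
    if (($claims['aud'] ?? null) !== $expectedAudience) {
        throw new RuntimeException('id_token audience does not match this application');
    }
    $roles = $claims['roles'] ?? [];
    return is_array($roles) ? array_values(array_map('strval', $roles)) : [];
}

// App Service authentication forwards the validated id_token in this header
// when the token store is enabled (assumption). Placeholder client ID below.
$idToken = $_SERVER['HTTP_X_MS_TOKEN_AAD_ID_TOKEN'] ?? null;
if ($idToken !== null) {
    $roles = appRoles(jwtPayload($idToken), '00000000-0000-0000-0000-000000000000');
    $isAdmin = in_array('Admin', $roles, true); // "Admin" is a hypothetical role value
}
```

A user who has not been assigned any app role gets a token with no "roles" claim at all, which is why the function returns an empty array rather than failing.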
Reputation: 5294
The simplest way I can think of is utilizing the Microsoft Graph API for this kind of operation.
Here is a sample GitHub repo for reference:
https://github.com/Azure-Samples/active-directory-php-graphapi-directoryextensions-web
For getting the user role, you can simply call the Graph API below:
GET /me/memberOf
or
GET /users/{id | userPrincipalName}/memberOf
You can check the doc below for further reference:
https://learn.microsoft.com/en-us/graph/api/user-list-memberof?view=graph-rest-1.0&tabs=http
Overall, this is how the flow would look:
A sample response looks like below:
HTTP/1.1 200 OK
Content-type: application/json
{
  "value": [
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "id-value",
      "createdDateTime": null,
      "description": "All users at the company",
      "displayName": "All Users",
      "groupTypes": [],
      "mailEnabled": false,
      "securityEnabled": true
    }
  ]
}
Hope it helps.
Upvotes: 0