How to access the Azure Active Directory group in Angular for a logged in user using MSAL.
I am able to authenticate the user using MSAL. But I am not able to access the AAD group of the user.
I have a public facing web site where we are implementing a ADMIN page for master data update etc.
My requirement is to display a ADMIN page if user is part of a specific AAD group like "AD_Project_Admin". Also I want to display a BUTTON only if user is authenticated and if user is part of AAD group like "AD_Project_Admin".
Any help on this will be appreciated.
Related
I am using the Django-Oauth-toolkit in my web app development.In that i can able to create new application using django admin panel and created the new admin users.And i can able to login that newly created admin users and able to get the token.But my problem is, i can able to register the user using my model and user is created in my db.But when i try to login with created user and try to get token with o/token with oauth grand type, then i am not getting token and getting invalid credentials response.But super user credentials login and token generation is working fine.And in django admin panel, super users are listed under 'Authetication and authorization' and normal users are listed under Django app.So please help me how to generate the tokens for users which are registered in django app.Or how to create the super users from django app.
I hope you found a solution to your issue. I was facing the same problem, and stumble on this answer.
You should check it out.
On the other hand you should use django's createsuperuser command to add users, so that they are also registered in your django oauth toolkit application.
I have created userpool and integrated 3rd party IdPs to login to my website.
I want only some specific users of that Idp(example SAML ADFS, google) should be able to login and not every user.
Like if google user tries to login than first it should be checked whether this user is in our user's list (like by checking email id) and if it matches than redirect that user to main page otherwise not allowed to login.
I want to if it is possible via cognito or not and if yes than what is solution.
I'm trying to create an app within the Azure app management portal that will serve as a template to be used with any tenant. Basically what we are trying to do, is create a connector that will be approved using admin consent, and receive application level permissions to read all the emails in the organization using Graph API.
What I have managed to do so far is create an app within our own tenant and get application level permissions for this tenant only. This enabled me to successfully read all emails in my organization only (which is not possible using delegated permissions).
What is the right way to receive application level permissions for any tenant, using admin consent? Is the only way to do it, for the specific tenant to manually add an application that will receive admin consent?
I am using django with the social_core module.
Something does not add up...
Thanks.
You can register a single application (with a single client ID and set of credentials that you control), configure the permissions you desire/require, and then customers from different tenants can each grant admin consent for your application, in their own tenant.
If your application/service does not have a sign-in experience (i.e. it is exclusively used as a background service and users never sign in to it), you can construct the admin consent URL, such as:
https://login.microsoftonline.com/organizations/v2.0/adminconsent
?client_id={client_id}&scope=.default&redirect_uri={your_redirect_url}
You can read more about the admin consent endpoint at: https://learn.microsoft.com/azure/active-directory/develop/v2-admin-consent
We are trying to implement a "Login With Google" feature for an internal admin dashboard web app connected to our GSuite account. We want to limit login to this dashboard in two ways.
Only members of our GSuite domain can login to the dashboard
Only users in our domain belonging to a specific group within our domain can login to the dashboard
So far we have been able to accomplish number 1 above but not 2. Using a query param to the oauth2 API we can limit the domain. What we have in mind to accomplish number 2 is after the user within our domain is logged in, get their group information and validate that they are in the proper internal group or log them out. The issue with this is it seems only GSuite admin accounts are allowed to make API calls to the Directory API for this information. Is there no way to get the group information for a user with their own access token or using a service account? Ideally we don't want to have to provide a specific admin user within our GSuite account's personal credentials in our application to get this working. Is there a better way to proceed?
Thank you in advance for any help!
I am using google api for user to login. I could make oauth already and I can get access token from user to let them use my service
But I want to display current user groups s/he has membership
I can't use admin sdk because that user is not admin and has no permission to get list of group
Are there any api to get list of groups that user exist? Or are there anyway to have master access token to use admin SDK?
Unfortunately there is no Google Groups API that non-admins can use. However, you can configure your application to use the user's authorization for most requests, but use an admin's authorization for requests to the Admin SDK.