I created a tenant in abp using the admin. But i was unable to login with the email address used in the tenant registration. I also queried the database and looks like it is not being saved.
Related
How to access the Azure Active Directory group in Angular for a logged in user using MSAL.
I am able to authenticate the user using MSAL. But I am not able to access the AAD group of the user.
I have a public facing web site where we are implementing a ADMIN page for master data update etc.
My requirement is to display a ADMIN page if user is part of a specific AAD group like "AD_Project_Admin". Also I want to display a BUTTON only if user is authenticated and if user is part of AAD group like "AD_Project_Admin".
Any help on this will be appreciated.
I am creating a website which allows users to create an ad before they are registered.
I have the default User collection type and also created an Ads collection type. Ads have a relation to User as the creator of the ad. Note that when the Ad is created the user is not logged in.
Users visit the site and they start creating the ad by filling up a form with:
Title
Product Description
Then when they are done filling the ad info they are asked to register.
When they click to register, the frontend calls Strapi and creates the user.
Then it gets the user id and creates the ad with the user id as the 'creator'.
The problem is Strapi is not creating the relation unless I set my User 'find/findOne' function to public.
Is it possible to create the relation without making it so that people can find users through the api?
I'm trying to create an app within the Azure app management portal that will serve as a template to be used with any tenant. Basically what we are trying to do, is create a connector that will be approved using admin consent, and receive application level permissions to read all the emails in the organization using Graph API.
What I have managed to do so far is create an app within our own tenant and get application level permissions for this tenant only. This enabled me to successfully read all emails in my organization only (which is not possible using delegated permissions).
What is the right way to receive application level permissions for any tenant, using admin consent? Is the only way to do it, for the specific tenant to manually add an application that will receive admin consent?
I am using django with the social_core module.
Something does not add up...
Thanks.
You can register a single application (with a single client ID and set of credentials that you control), configure the permissions you desire/require, and then customers from different tenants can each grant admin consent for your application, in their own tenant.
If your application/service does not have a sign-in experience (i.e. it is exclusively used as a background service and users never sign in to it), you can construct the admin consent URL, such as:
https://login.microsoftonline.com/organizations/v2.0/adminconsent
?client_id={client_id}&scope=.default&redirect_uri={your_redirect_url}
You can read more about the admin consent endpoint at: https://learn.microsoft.com/azure/active-directory/develop/v2-admin-consent
I'm building an Angular 11 app with AWS Amplify as the backend which uses Appsync, dynamodb and a managed GraphQL API. I'm using the cognito user pools to authenticate. Authentication works neatly, but I am really confused about how to go about doing role-based authorization. I haven't done this using cognito before but I have a strategy in mind that should theoretically work out. I would like advice on if there is a better way to do this:-
Requirements:-
The app will be used by members of organisations that we are partnering with. Every member will be tied to an organisation. So organisations have their own table and so do members. Members of an organisation can only access content related to their organisation. So right after authentication, the client app has to get the id of the organisation the current user belongs to and also the role they play in that organisation to show/hide UI resources and filter data. Which UI resources they can access depends on the role they play in that organisation and of course the data they see there has to be restricted to what is related to their organisation.
This is a controlled beta release of our application, so Cognito user pools uses email and password to login. No other login option is provided for the sake of keeping things simple. User sign up is not possible. Only admins can add new users for now.
How I plan to do this:-
Cognito API is integrated to the client and the admin will add the
new members from the client UI and the client will add them to the
cognito user pool via the Cognito API
While adding the new members, the admin will specify which
organisation they belong to and what role they play in it. But the
organisation and role are not details that are stored within the
user pools. There is a separate dynamodb table called "members"
which stores these information because these can change frequently
and need to be flexible.
Additions made to the Cognito user pool trigger a lambda function
that automatically syncronizes the "members" table in the amplify
backend in a dynamoDB table with the new additions to the user pool.
So when the admin adds a new user from the client UI, they
fill out a form with the email ID, name, organisation and role of
the new user, and the client UI will create that user with the name
and email ID in the user pool via the cognito API. Once that request
returns the user's ID (remember it will also trigger the creation of
a record in the member's table via the lambda funciton), we create a
mutation to the member's table adding the organisation and the role to the user's record in the member table.
Cognito user pool only has the email ID, name and user ID and
nothing else, all other information is stored in the members table,
which also has the ID, and name (for human reference) but not the
Email ID. We will not be holding the same information in
these two tables to avoid redundancy.
Updates to the email ID can be made by individual users via the
client app which will do it in the cognito user pool via the cognito
API. And no updates need to be made to the member table after email
update since the member table doesn't have the email ID. All other
member details can be made to the members table via the client app.
When the user logs in, as soon as the cognito UI authenticates the
user and sends over the email ID and user id, we fetch the member
details from the member table using the user ID and get details such as their name,
organisation they belong to and their role. And using the
information on their role, we can restrict UI resources using flags
in the UI Code. To achieve this, there will be a separate table that
will let the admin user modify access to the UI resources for each
role. So we'll need to fetch the role and the associated UI tags
right after authentication as well.
And as for how data is filtered as per the organisation, I am not
sure yet, but I would like to use an authorizer that will be
specified using a function in the graphql schema itself, that will
get the organisation ID with each request and use that to filter the
data before returning to the client.
Not sure if this process is solid, but this is what I was able to fathom. Please let me know if I am doing this in a sensible way or if there are better ways to achieve what I am doing.
We have a Laravel application with Voyager as the admin panel which is working properly as far as admin-auth is concerned. But for the front-end users, we want to implement external authentication through Dynamics-365 (IFD). So, the client already has a database of users in Dynamics-365 which he wants should be able to login by providing their email and a password stored in a custom entity in Dynamics. So, for authenticating front-end users, we need to make a call to the CRM with an email and fetch the data related to that email and then match the password entered by user with that stored in CRM and if they match, I've to authenticate the user.
We are using this package for accessing the Dynamics-365. What I understand is that I need to create a separate guard for front-end customers.
But where do I put the validation code and how do I create the auth once the credentials entered by user match those in the CRM?