oauth 2.0 - How to configure users access to an API protected with Azure AD oAuth2 -


we have existing "private/internal" api (non ms/azure) protect oauth2 provided azure ad, so, user's access api maintained azure ad administrators.

it seems way configure api web application in azure ad. then, users can authorization token azure oauth2 server , send api (e.g. single page web app).

the api expected validate scope, per understanding, received in token , make decision regarding access.

but can't figure out how configure api access scope in azure ad against user. i.e. how link particular user , api scope in azure ad?

can pls advise?

thank you.

when configure app, can enable "user assignment required" (in enterprise application properties in azure portal), , configure users or groups should have access.

alternatively, if need more granularity, can use role based access, define roles in application manifest (https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/app-roles), , assign users different roles.

the [authorize] attributes on api controllers or on actions in them can configured required roles access them, so: [authorize(roles = "admin, writer, approver")] (any of 3 named roles have access).

there sample demonstrates this.


Comments

Popular posts from this blog

php - Vagrant up error - Uncaught Reflection Exception: Class DOMDocument does not exist -

vue.js - Create hooks for automated testing -

Add new key value to json node in java -