This repository was archived by the owner on May 17, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 174
Expand file tree
/
Copy pathsample.json
More file actions
127 lines (127 loc) · 4.08 KB
/
sample.json
File metadata and controls
127 lines (127 loc) · 4.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
{
"Sample": {
"Title": "Angular single-page application calling a protected ASP.NET Core web API and using Security Groups to implement Role-Based Access Control",
"Level": 300,
"Client": "Angular SPA",
"Service": ".NET Core web API",
"RepositoryUrl": "ms-identity-javascript-angular-tutorial",
"Endpoint": "AAD v2.0",
"platform": "javascript",
"Languages": [
"typescript",
"csharp",
"javascript"
],
"Description": "An Angular single-page application calling a protected AspNet web API and using Security Groups to implement Role-Based Access Control (RBAC)",
"products": [
"azure-active-directory",
"ms-graph",
"msal-js",
"msal-angular",
"microsoft-identity-web"
]
},
"AADApps": [
{
"Id": "client",
"Name": "msal-angular-app",
"Kind": "SinglePageApplication",
"Audience": "AzureADMyOrg",
"SDK": "MicrosoftIdentityWeb",
"HomePage": "http://localhost:4200/",
"ReplyUrls": "http://localhost:4200/, http://localhost:4200/auth",
"GroupMembershipClaims": "SecurityGroup",
"PasswordCredentials": "Auto",
"SampleSubPath": "5-AccessControl\\2-call-api-groups\\SPA",
"Scopes": ["access_via_group_assignments"],
"SecurityGroups": [
{
"Name": "GroupAdmin",
"Description": "Admin Security Group"
},
{
"Name": "GroupMember",
"Description": "User Security Group"
}
],
"RequiredResourcesAccess": [
{
"Resource": "client",
"DelegatedPermissions": ["access_via_group_assignments"]
},
{
"Resource": "Microsoft Graph",
"DelegatedPermissions": ["User.Read", "GroupMember.Read.All"]
}
],
"OptionalClaims": {
"IdTokenClaims": ["acct"],
"AccessTokenClaims": ["idtyp"]
},
"ManualSteps": [
{
"Comment": "This script has created a group named 'GroupAdmin' and 'GroupMember' for you. On Azure portal, navigate to Azure AD > Groups blade and assign some users to it."
},
{
"Comment": "To support overage scenario, remember to provide admin consent for GroupMember.Read.All permission in the portal."
}
]
}
],
"CodeConfiguration": [
{
"App": "client",
"SettingKind": "Replace",
"SettingFile": "\\..\\API\\TodoListAPI\\appsettings.json",
"Mappings": [
{
"key": "Enter the ID of your Azure AD tenant copied from the Azure portal",
"value": "$tenantId"
},
{
"key": "Enter the application ID (clientId) of the 'TodoListAPI' application copied from the Azure portal",
"value": "client.AppId"
},
{
"key": "Enter the Client Secret of the 'TodoListAPI' application copied from the Azure portal",
"value": "client.AppKey"
},
{
"key": "Enter the object ID for GroupAdmin group copied from Azure Portal",
"value": "$GroupAdmin.Id"
},
{
"key": "Enter the object ID for GroupMember group copied from Azure Portal",
"value": "$GroupMember.Id"
}
]
},
{
"App": "client",
"SettingKind": "Replace",
"SettingFile": "\\..\\SPA\\src\\app\\auth-config.ts",
"Mappings": [
{
"key": "Enter_the_Application_Id_Here",
"value": "client.AppId"
},
{
"key": "Enter_the_Tenant_Info_Here",
"value": "$tenantId"
},
{
"key": "Enter_the_Web_Api_Application_Id_Here",
"value": "client.AppId"
},
{
"key": "Enter the object ID for GroupAdmin group copied from Azure Portal",
"value": "$GroupAdmin.Id"
},
{
"key": "Enter the object ID for GroupMember group copied from Azure Portal",
"value": "$GroupMember.Id"
}
]
}
]
}