php - How to authorise a User based on AD group membership from outside the domain?


Solution:

You can call Microsoft Graph API: List memberOf to check groups and directory roles that the user is a direct member of.

GET https://graph.microsoft.com/v1.0/users/{id}/memberOf

You need to get a Microsoft Graph access token to call Microsoft Graph API.

And there is another easier way to authorize a User based on AD group membership. Just include groupMembershipClaims claim in your token and check it after you sign in. See this answer for more details.
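The memberOf check described above, as an added PHP example that is not part of the original answer: it follows `@odata.nextLink` paging, matches only group objects by object id, and denies access on any unexpected response. The `$fetchPage` callable is a hypothetical helper standing in for the authenticated GET, and all ids and the skip token are constructed sample values.

```php
<?php
declare(strict_types=1);

const GRAPH_BASE = 'https://graph.microsoft.com/';

// $fetchPage (hypothetical helper): takes a URL, performs the GET with the
// bearer token, and returns the decoded JSON body as an array, or null on failure.
function userInGroup(callable $fetchPage, string $userId, string $groupId): bool
{
    $url = GRAPH_BASE . 'v1.0/users/' . rawurlencode($userId) . '/memberOf';
    for ($i = 0; $i < 20 && $url !== null; $i++) {
        // Never follow a next link that leaves Graph: the token travels with it.
        if (strpos($url, GRAPH_BASE) !== 0) {
            return false;
        }
        $body = $fetchPage($url);
        if (!is_array($body) || !is_array($body['value'] ?? null)) {
            return false; // fail closed on errors or unexpected shapes
        }
        foreach ($body['value'] as $obj) {
            // memberOf mixes groups and directory roles; match groups by
            // object id, not by displayName, which is not unique.
            if (($obj['@odata.type'] ?? '') === '#microsoft.graph.group'
                && strcasecmp((string) ($obj['id'] ?? ''), $groupId) === 0) {
                return true;
            }
        }
        $next = $body['@odata.nextLink'] ?? null;
        $url = is_string($next) ? $next : null;
    }
    return false; // not a member, or page limit reached
}

// Constructed sample data: two result pages for a made-up user.
$user  = '00000000-0000-0000-0000-0000000000aa';
$first = GRAPH_BASE . 'v1.0/users/' . $user . '/memberOf';
$next  = $first . '?$skiptoken=constructed';
$pages = [
    $first => ['@odata.nextLink' => $next, 'value' => [
        ['@odata.type' => '#microsoft.graph.directoryRole', 'id' => '11111111-1111-1111-1111-111111111111'],
    ]],
    $next => ['value' => [
        ['@odata.type' => '#microsoft.graph.group', 'id' => '22222222-2222-2222-2222-222222222222'],
    ]],
];
$fetch = fn (string $url): ?array => $pages[$url] ?? null;

var_dump(userInGroup($fetch, $user, '22222222-2222-2222-2222-222222222222')); // group id found on the second page
var_dump(userInGroup($fetch, $user, '11111111-1111-1111-1111-111111111111')); // id belongs to a directory role
```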
