Comments (2)
manicminer
commented on June 10, 2024
1
One way this might be possible is by inspecting the claims in the access token and inferring some principal information from that. The populated claims do seem to be different when authorized as a service principal versus a user, but the SDK doesn't currently make any distinction as it doesn't need to.
Parsing the claims is already supported:
token, _ := authorizer.Token()
claims, _ := auth.ParseClaims(token)The /me endpoint is useful as you say, but only for users (I can't remember whether you get a 4xx or a dead response if you get that as an SP).
A service principal can request info about itself, either via it's corresponding application or directly:
meMyself, _, _ := spClient.Get(ctx, claims.ObjectId)Given the variety of possible scenarios, ultimately I think the logic here is going to be specific to your environment and it would be best to implement this in your application using some combination of the above. However if there are any missing pieces in the SDK it would be great to add those :)
from hamilton.
simongottschlag
commented on June 10, 2024
1
I fully agree! Thank you 🙏
from hamilton.
Related Issues (20)
- Consider using beta version of API for accessPackage HOT 1
- azcli auth doesn't support MSAL scopes HOT 1
- Support for Continuous Access Evaluation (CAE) in conditional access session
- Support for Chat Resource HOT 2
- Group writebackConfiguration HOT 2
- Add the app ID for Azure Database for PostgreSQL - Flexible Server.
- Is it possible to fetch synchronizationSchema?
- ProvisionOnDemand() in SynchronizationJobClient returns error even though provisioning was successful
- AdministrativeUnits client uses wrong endpoint
- Replace double forward slash with single forward slash in all requests HOT 1
- How to manage enterprise application service principal saml claims? HOT 4
- Add support for synchronization GetSchema
- Add ServiceManagementReference to model
- Add support for ClientApplications in ConditionalAccessConditionSet
- DEBUG log entry showing up in production.
- Can "encoding/json" be replaced? HOT 1
- Add support for conditional access policy guestsOrExternalUsers settings
- [Question] Dynamic Distribution Lists and mailbox custom attributes HOT 1
- Error: no Authorizer could be configured, please check your configuration
- Help getting user emails
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hamilton.