[Question] How to use roles?

[r3r00t3d]

I'm using the 3.5.1 version of the library. For some reason, roles array is always empty inside the User object even though my user has 10 roles assigned in Azure AD. I'm trying to debug an issue and I cannot find a way to resolve if this is an Azure issue or a library issue. All of the other information inside the User object are filled out correctly.

Is there some special permission needed or anything that you can provide that can point me in the right direction? My user is also a member of a Global Administrator group, so it has the highest available privileges in the tenant.

Thanks.

[JonasKs]

Hi,

Typing this on my phone, so no screenshots (I can help more tomorrow), but from memory:

• Go to your application registration
• roles
• Create a new role
• Go to the enterprise application (you can go to overview -> click the name of the appreg, it'll take you there)
• map your users/enterprise roles to the app role

I can give a small tutorial tomorrow when I'm on a laptop. 😊

[r3r00t3d]

Thanks, I'll try that and I really appreciate all the help.

[JonasKs]

Go to your application registration, click Groups:

Create a role:

Go to Overview and click the Enterprise application link:

Go to Users and groups and add a user/group:

Add the user/group that you want to have this role (if you use a group, the users must be a direct member of that group. Nested membership does not work):

Click select role and assign the user/role to your application role:

Finish by clicking Assign. The user will now have that group in their token.

[r3r00t3d]

I did this and it worked. Maybe you can put this in the documentation as this will be a very common pattern for developers. The usual thing would be to map application roles with groups and check in the backend if user has certain role based on the group membership.

Thanks again for the detailed answer.

[JonasKs]

Pull requests welcome if you'd like to contribute. If not, yes, I will fix 😊