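I have a backend application in Entra ID that has different roles, for example Role1 and Role2. I also have a frontend application that has the backend as an API permission.
When I use authentication in the frontend, the logged-in user's roles are not downloaded from the backend application. This is a problem for me because I don't want to have the roles in two places, and I can't, because I'm using the role IDs from the backend.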
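```typescript
import { InteractionType } from '@azure/msal-browser';
import { MsalInterceptorConfiguration } from '@azure/msal-angular';
// Assumed path: the usual Angular CLI location of the environment file.
import { environment } from '../environments/environment';

export function MSALInterceptorConfigFactory(): MsalInterceptorConfiguration {
  // Keys are the resources the interceptor matches against outgoing requests;
  // values are the scopes requested for that resource.
  const protectedResourceMap = new Map<string, Array<string>>();
  protectedResourceMap.set(environment.graphUrl + '/me/memberOf', ['user.read']);
  protectedResourceMap.set('user.read', [environment.scope]);
  return {
    interactionType: InteractionType.Redirect,
    protectedResourceMap,
  };
}
```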
Is this possible?
The first token doesn't return any roles from the API application (maybe the scope needs to be included, but I don't know how).
The second token is for calling the backend, and there the scope for the API application is added.
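Entra ID puts an application's app roles in the `roles` claim of tokens whose audience is that application, so the backend's Role1/Role2 travel in the access token requested with the API's scope rather than in the frontend's ID token. The following is an added example, not part of the original post, that reads `aud` and `roles` from both kinds of token; the helper names, the sample tokens and the placeholder audiences are constructed for illustration.

```javascript
// Added example: constructed tokens, hypothetical helper names.
// Decoding here does NOT verify the signature; use the result for UI hints only.
// The backend API must validate the token and enforce the roles itself.

const b64urlDecode = (s) => {
  let b64 = s.replace(/-/g, '+').replace(/_/g, '/');
  b64 += '='.repeat((4 - (b64.length % 4)) % 4); // restore stripped padding
  return typeof atob === 'function'
    ? atob(b64)
    : Buffer.from(b64, 'base64').toString('binary');
};

const b64urlEncode = (s) => {
  const b64 = typeof btoa === 'function'
    ? btoa(s)
    : Buffer.from(s, 'binary').toString('base64');
  return b64.replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
};

// Returns the audience and app roles carried by a JWT (empty list if none).
function readRoles(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  const claims = JSON.parse(b64urlDecode(parts[1]));
  const roles = Array.isArray(claims.roles) ? claims.roles : [];
  return { aud: claims.aud, roles };
}

// Builds an unsigned, constructed token for this demonstration only.
function makeSampleToken(claims) {
  const header = b64urlEncode(JSON.stringify({ alg: 'none', typ: 'JWT' }));
  return `${header}.${b64urlEncode(JSON.stringify(claims))}.sig`;
}

// Constructed samples: 'frontend-client-id' and 'api://backend' are placeholders.
const idToken = makeSampleToken({ aud: 'frontend-client-id', name: 'Test User' });
const apiAccessToken = makeSampleToken({
  aud: 'api://backend',
  scp: 'access_as_user', // constructed scope name
  roles: ['Role1', 'Role2'],
});

console.log(readRoles(idToken));        // audience is the frontend, no backend roles
console.log(readRoles(apiAccessToken)); // audience is the backend, roles present
```

With MSAL, the first input corresponds to the `idToken` field and the second to the `accessToken` field of the result of a token request made with the API's scope.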