Microsoft's Graph API can be used to improve the functionality of TARGIT's OpenID.
The major improvements of using Graph API are:
- You will be able to look up further user/group information from Azure AD, which in turn can be used for Rights and Roles settings in TARGIT Management.
- The token needed for the user running Scheduled jobs in TARGIT can be auto-refreshed. Otherwise, the scheduled job will stop working if the user hasn't logged in for a while.
The OpenID login script can be extended to be a set of four functions:
- interactive_login: this function should be the same as the old script - i.e. converting the OpenID claims to a user in the TARGIT Server
- user_login: this function should return the same information as the interactive_login, but it will only receive a user name, so it should query e.g. Graph API to get the information. This function should be used when running scheduled jobs.
- group_search: this function should return a list of groups - optionally filtered by name
- user_search: this function should return a list of users - optionally filtered by name.
'group_search' and 'user_search' should return basic information only - e.g. id, name, etc. They will not be used to log in a user - only to query the users/groups that are needed by the Roles and Rights editors.
Other functions are also allowed in the script. They can be used by the 'interactive_login', 'user_login', 'group_search' and 'user_search' functions to minimize code duplication.
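
The Graph queries behind 'group_search', 'user_search' and 'user_login' could be built as in the following added example, which is not TARGIT's script or its scripting API. It is written in Python for illustration; the helper names (`odata_literal`, `search_url`, `user_url`, `basic_info`) are hypothetical, and only the Microsoft Graph v1.0 endpoints and OData query options are real.

```python
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com/v1.0"
# Request only the basic fields the Roles and Rights editors need.
BASIC_FIELDS = {"groups": "id,displayName",
                "users": "id,displayName,userPrincipalName"}

def odata_literal(value):
    """Quote a name as an OData string literal (single quotes are doubled)."""
    if any(ord(c) < 0x20 for c in value):
        raise ValueError("control characters are not allowed in a name filter")
    return "'" + value.replace("'", "''") + "'"

def search_url(kind, name=None, top=50):
    """URL for group_search / user_search, optionally filtered by name prefix."""
    params = {"$select": BASIC_FIELDS[kind], "$top": str(top)}
    if name:
        params["$filter"] = f"startswith(displayName,{odata_literal(name)})"
    return f"{GRAPH}/{kind}?" + urlencode(params, quote_via=quote, safe="$,")

def user_url(user_name):
    """URL for user_login: one user, looked up by user name only."""
    # Encoding '/' keeps a crafted name from addressing another Graph resource.
    return f"{GRAPH}/users/{quote(user_name, safe='@')}?$select={BASIC_FIELDS['users']}"

def basic_info(response):
    """Reduce a Graph list response to id and name, dropping everything else."""
    return [{"id": item["id"], "name": item.get("displayName", "")}
            for item in response.get("value", [])]

# Constructed sample response (not real directory data).
SAMPLE = {"value": [{"id": "00000000-0000-0000-0000-000000000001",
                     "displayName": "Finance", "mail": "finance@example.com"}]}

if __name__ == "__main__":
    print(search_url("groups", "O'Brien"))
    print(user_url("scheduler@example.com"))
    print(basic_info(SAMPLE))
```

The access token for these requests is outside this sketch; the URLs are sent with an `Authorization: Bearer` header, using whatever token the script already holds.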