OpenID: User info lookup and user token for Scheduled job

[Version: 2023 - August]
[Build: 23.08.31502]

Microsoft's Graph API can be used to improve the functionality of TARGIT's OpenID.

The major improvements of using Graph API are:

  • You will be able to lookup further user/group information from the Azure AD, which in turn can be used for Rights and Roles settings in TARGIT Management.
  • The token needed for the user running Scheduled jobs in TARGIT can be auto-refreshed. Otherwise, the scheduled job will stop working if the user hasn't logged in for a while.

The OpenID login script can be extended to be a set of four functions:

  • interactive_login: this function should be the same as the old script - i.e. converting the OpenID claims to a user in the TARGIT Server
  • user_login: this function should return the same information as the interactive_login, but it will only receive a user name, so it should query e.g. Graph API to get the information. This function should be used when running scheduled jobs.
  • group_search: this function should return a list of groups - optionally filtered by name
  • user_search: this function should return a list of users - optionally filtered by name.

'group_search' and 'user_search' should return basic information only - e.g. id, name, etc. They will not be used to log in a user - only to query users/groups that is needed by the Roles and Rights editors.

Other functions are also allowed in the script. They can be used by the 'interactive_login', 'user_login', 'group_search' and 'user_search' functions to minimize code duplication.


Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.