Roles and Scopes in Azure Identity | azure ad roles scopes | oauth2.0 roles vs scopes

  • Added 11. 06. 2024
  • Roles and Scopes in Azure Identity
    Roles manage a user's access and scopes manage an application's access. Below is a detailed description of Azure AD roles vs scopes.
    Roles in Azure Active Directory OAuth 2.0 are a mechanism to restrict a user's access within an application. Roles in Azure Identity are used to manage a user's access to the application.
    Scopes in Azure Active Directory OAuth 2.0 are a mechanism to restrict an application's access to a user's information. Scopes prevent unauthorized disclosure of user information to applications. Scopes were introduced as part of OAuth 2.0.
    In this video, roles are explained theoretically and with an example based on a simple library management system. App registrations are created with roles and scopes, roles are assigned to a user and scopes to client applications, and Postman is used to generate an Azure access token that contains the roles and scopes from Azure Active Directory.
    The key difference is that a role manages a user's access and a scope manages an application's access. Roles and scopes are both important for managing the security of an application.
    Azure AD roles can be assigned to users and applications, whereas scopes can only be assigned to client applications. Scopes are delegated permissions, i.e. scopes are related to the logged-in user's permissions. Roles are the reverse. A scope defines a boundary for the application's access to user data, and a role defines a boundary for the user's access to the application's functionality. Scopes and roles are used in Azure Active Directory, but they were introduced as part of OAuth.
    If you decode the token at jwt.io, you can see that scopes and roles are embedded inside the token. The application uses the roles defined in the token to restrict access.
    Within an organization, scopes are generally granted by default at the Active Directory level by the admins. With third-party APIs such as Google sign-in, scopes are easier to understand clearly, and the same scopes vs roles differences are explained in this video.
    00:00 Scopes vs Roles introduction
    00:10 Azure AD Roles scopes difference
    00:48 Azure AD Roles scenario
    01:24 Oauth 2.0 Roles practical example
    06:26 Azure AD Scopes description
    08:26 Oauth2.0 Scopes example
    09:14 Scopes vs roles difference conclusion
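
The decode-and-check step described above, as an added example that is not code from the video: it reads the `scp` (scopes) and `roles` claims from an access token payload and allows a library-management call only when both the application's scope and the user's role are present. The tokens, the scope names (`Books.Read`, `Books.Write`) and the role names (`Librarian`, `Member`) are constructed assumptions; the code only decodes the payload the way jwt.io does, so a real API must validate the token's signature, issuer and audience before trusting these claims.

```python
import base64
import json

def make_token(claims: dict) -> str:
    """Build a constructed sample token (header.payload.signature); the signature is a placeholder."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.constructed-signature"

def decode_claims(token: str) -> dict:
    """Decode only the payload segment, as jwt.io displays it. No signature check."""
    try:
        _header, payload, _signature = token.split(".")
        padded = payload + "=" * (-len(payload) % 4)  # restore stripped base64url padding
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims

def is_allowed(claims: dict, required_scope: str, required_role: str) -> bool:
    """Allow a call only if the app holds the scope AND the user holds the role."""
    scp = claims.get("scp", "")      # delegated scopes: one space-separated string
    roles = claims.get("roles", [])  # roles assigned to the user: a list of strings
    scopes = set(scp.split()) if isinstance(scp, str) else set()
    held = {r for r in roles if isinstance(r, str)} if isinstance(roles, list) else set()
    return required_scope in scopes and required_role in held

# Constructed sample tokens; scope and role names are hypothetical.
LIBRARIAN = make_token({"scp": "Books.Read Books.Write", "roles": ["Librarian"]})
MEMBER = make_token({"scp": "Books.Read Books.Write", "roles": ["Member"]})
READ_ONLY_APP = make_token({"scp": "Books.Read", "roles": ["Librarian"]})

if __name__ == "__main__":
    samples = [("librarian", LIBRARIAN), ("member", MEMBER), ("read-only app", READ_ONLY_APP)]
    for name, tok in samples:
        # Adding a book needs the write scope (application) and the Librarian role (user).
        print(name, is_allowed(decode_claims(tok), "Books.Write", "Librarian"))
```

Only the first token passes: the second fails on the user's role and the third on the application's scope, which is the roles vs scopes split the description draws.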

Comments • 7

  • @piyalibasak6886 8 months ago +3

    Please upload more videos on azure

  • @user-uo2ks3pq8w 6 months ago

    WOW...
    One of the best explanatory videos on Azure Identity for web developers I have ever seen.
    Can you please do a video like the one you did on .NET Core + Angular for Node.js + React?
    It looks like there are a lot of different things:
    1. In Node you need a client secret, in .NET Core you don't.
    2. In Angular you configure scopes for frontend and backend apps together, so you log in to both tokens and use it smoothly; in React this needs to be manual...

    • @azureteachnet 6 months ago

      Thanks for the feedback. Unfortunately Node.js is not my core competency. Will try if possible. Again Thanks for the feedback. Please subscribe to the channel if you have not subscribed yet.

  • @Pawansoni432 8 months ago

    Welcome back

  • @pauliusvasiliauskas2676 3 months ago

    Can you create a video on the topic of how to create a client app and an API app, and when the client authenticates and gets an access token for the API app, at that time fill custom claims into it, so that the API app could see claims like user.department, user.companyname, user.jobtitle in the token?

    • @azureteachnet 3 months ago

      Sure. But it is very simple. You just need to write a middleware.