Retrieving All Delegated Roles using ADAL.js

[RehanSaeed]

I have the following scenario:

SPA Application

• User - Has a role with this name.

API Application

• Resource.Read.All - Has a role with this name

SPA Group

• Has the User and Resource.Read.All roles added as delegated permissions.

When I login using ADAL.js, the user object only contains the roles for the SPA:

const user = this.authenticationContext.getCachedUser();
const roles = user.roles; // Returns [ "User" ]

Is it possible to also retrieve the roles for the API application?

[navyasric]

@RehanSaeed Can you clarify about the SPA Group? Is it a single application registration with a SPA and an API component? In order to receive the roles claims, you will need to configure your application manifest. Here is a .net sample which shows how the configuration steps which may apply to your app.

[RehanSaeed]

It's as I've written above, two application registrations and a group in the Azure portal.

[RehanSaeed]

To be clear. The API is a separate application to the SPA application and has separate application roles.

[nehaagrawal]

@RehanSaeed can you please explain your user case. Why do you need the roles for both the SPA Application and the API?

[RehanSaeed]

I was wondering if I could use the API roles to perform hide/show parts of the SPA instead of duplicating the role in both the SPA and API.

[AWR14]

I want to show a different navigation items if the user is assigned to a certain group.

i can get the user but can't see where i get the groups, any working example of this?

const user = this.authenticationContext.getCachedUser();

[sameerag]

Please check AzureAD/microsoft-authentication-library-for-js#1143 for this issue.

All current authentication work from microsoft is delivered through msal js library here. adal js is still supported only for security fixes. We would recommend to move to msal js for any advanced feature asks.