I am getting the Policy Configurations (GET https://dev.azure.com/{organization}/{project}/_apis/policy/configurations) and for the policy of type "Required reviewers" (response array item's type.displayName), there is a property named "ReviewerIds" which is an array of what looks like GUIDs.
However, I do not know how to retrieve information about the user(s) or user group(s) identified by the GUID(s) in that array.
I suspect you're looking either for IdentityByID or IdentityByDescriptor:
https://learn.microsoft.com/en-us/rest/api/azure/devops/ims/identities/read-identities?view=azure-devops-rest-7.0&tabs=HTTP#by-ids
https://learn.microsoft.com/en-us/rest/api/azure/devops/ims/identities/read-identities?view=azure-devops-rest-7.0&tabs=HTTP#by-identitydescriptors
Be sure to call the right endpoint, identity information is from https://vssps.dev.azure.com.
Related
Hello, I have a problem I created a Registration form and im trying to check if there is any user which have a certain username inside the Firebase Db. I tried to get the reference of all the users.
var users = Database.database().reference("users")
But I don't know how I could check if there is any user with a specified username.
You'll want to use a query for that. Something like:
let query = users.queryOrdered(byChild: "username").equalTo("two")
Then execute the query and check whether the result snapshot exists.
Note though that you won't be able to guarantee uniqueness in this way. If multiple users perform the check at the same time, they may both end up claiming the same user name.
To guarantee a unique user name, you will need to store the user names as the key - as keys are by definition unique within their parent node. For more on this, see some of these top search results and possibly also from here.
I am trying to resolve a particular VSTS group by name to retrieve the identityDescriptor property. Rather than query all groups and filter, I want to leverage the query parameters supported. Looking at VSTS Groups - List API, it supports the additional query parameters scopeDescriptor, and subjectType. However, I keep providing bad values for these parameters.
However, when I specify any combination of these I get 0 results. In addition, as soon as I add a scopeDescriptor, I hit an Microsoft.VisualStudio.Services.Graph.InvalidSubjectTypeException -> HTTP 400 Bad Request.
Questions:
What are examples of expected values for subjectTypes?
Edit 1
subjectTypes are not the actual type, but the subtype that prefixes the subject descriptor. For example -> vssgp,aadgp:
"subjectDescriptor": "vssgp.Dc0NDgzLTzQ1NwOTI5LTI0NTcwNDLTAtMwUy0xLTktMTAtMC0wMjgxNjcxNDU0OS0zMU1MTM3NDI0NS0yMjUzNzA0ODMtE"
What are examples of expected values for scopeDescriptor?
Example query urls:
- Working:
https://{account}.vssps.visualstudio.com/_apis/graph/groups?api-version=4.1-preview.1
- Working subjectTypes:
https://{account}.vssps.visualstudio.com/_apis/graph/groups?subjectTypes=vssgp&api-version=4.1-preview.1
- scopeDescriptor throws:
https://{account}.vssps.visualstudio.com/_apis/graph/groups?scopeDescriptor=collection&api-version=4.1-preview.1
https://{account}.vssps.visualstudio.com/_apis/graph/groups?scopeDescriptor=collection&subjectTypes=Microsoft.TeamFoundation.Identity&api-version=4.1-preview.1
You can get the scope descriptors for a project or a collection by making an api request to https://vssps.dev.azure.com/{organization}/_apis/graph/descriptors/{Id}(replace id with projectId if you want to get the scope descriptor for a project and so on).
For example if you want to get the scope descriptor for a project then simply replace the storage key in the request URL with the project Id and in response you get the scope descriptor. The scope descriptor has the following format scp.(long unique identifier).
P.S: More on how to get descriptors can be found here https://learn.microsoft.com/en-us/rest/api/azure/devops/graph/descriptors/get?view=azure-devops-rest-5.0. Remember storagekey can be substituted with projectid or collectionid to get specific descriptors.
Regarding subjectTypes, it is the group type, such as vssgp, aadgp, you can get it from descriptor value of each group.
I am trying to access a group id of a specific group from keycloak. What I found is like there is no REST Api call is available for access this one. You can refer here http://www.keycloak.org/docs-api/3.0/rest-api/index.html#_groups_resource. This shows that you can access all group details or specific group details only by using their Id's. Actually what I actually need is I want to access only the id of the specific group. Can anyone let me know how to do this?
You can write it like this:
GET http://localhost:your_port/auth/admin/realms/your_realm_name/groups?search=name_of_the_group
it will return {id, name, path, subGroups} to you..
My Postman Example
The documentation you're using is pretty old. Take a look at the documentation for the latest release:
https://www.keycloak.org/docs-api/4.8/rest-api/#_groups_resource
You can provide a "search" parameter to look for groups by name.
Unfortunately, if you use the name of a subGroup, it returns the entire hierarchy starting from the top-level group, so the API for groups is still problematic.
One way is to enter keycloak admin panel. Then in the Groups option, select a group. Finally you will find the group id in the URL. Like /realms/Applications/groups/bc49dc6c-7c2a-40c4-bf60-fea8c2b1d562
You can get a list of all groups:
GET /admin/realms/{realm}/groups
The response will have group properties including id.
[
{
"id": "8ge163b3-6kc7-40ed-x069-3309eabbcbea",
"name": "group1",
"path": "/group1",
"subGroups": []
}
]
This might come a bit late, but anyway.
There is also the GET /{realm}/group-by-path/{path} endpoint which will return only the group that you desire since path is unique.
Also if someone needs (and since this isn't actually documented, or at least not as of the writing of this answer) if you want to call this endpoint from the admin-cli you can do it as follows:
./kcadm.sh get group-by-path/{path} --realm {realm}
ex.: ./kcadm.sh get group-by-path/parent_group/child_group/grand_child_group --realm realm1
I have the API route /api/users/:user_id, which takes a number as a parameter.
I want to have now the same route, but taking the username instead of the id, like this: /api/users/:username.
In my code, I have the route set up as /api/users/:user and I check the user URI parameter and do different actions if it is a number or a string.
Is it good practice / efficient to have the same route, but with a different parameter type? Both the username and user id's are unique.
It works, I just want to know if this is a practical solution, or if I should do separate routes.
we solved it by parsing the path variable.
psuedo code
long id;
String name;
try{
id = parselong(input);
}catch(parse exception){
name = input;
}
findbynameorid(id,name)
select * from customer where name = ? or id = ?
Assuming that both IDs and usernames are unique, it's valid solution.
Regarding implementation, you could use a regular expression to match the user identifier and check if it's an ID or a username.
It isn't really "good practice" to share a route parameter on a route, but as long as the IDs and usernames are both unique, you should be fine. Both act as unique identifiers for a user so both can be used to find the user in that route.
You can accept both the ID and username as the same parameter by first making the route param more permissive. Next, you can use the following (pseudo) query to look up whether that param matches the ID or the username:
SELECT id, name FROM users WHERE id={param} OR username={param}
Remember to pass that param in as a real query parameter; do NOT simply concatenate strings. Doing so will open you up to an SQL injection attack.
Solution
Make Parameter value as string and send one Request parameter as additional flag which describe request mode.
/api/users/:user_key?type=boolean > true(default) userid & false for username or vice versa.
Modify your api which then can answer two different apis
/api/users/user/userid/:id & /api/users/user/username/:name
Recommended
Above can resolve your issue. But is not recommended way of dealing with fetching user profile information using REST api. Presuming you will introduced user authentication in you rest application.
Self api : /api/users/me : this will fetch user info of the once who is currently logged with respect to that session/token.
User api : api/users/:id : this will fetch fetch specific user info
Username api: api/users?filters={username=some_username, }: this will fetch info of those users which have username matching with given filter.
What is the best way to design or name an API URL that would get a specific user with a given unique identifier? I'm using cognitoId as the unique identifier.
Which of the following should I use?
/profiles/profile, then pass the cognitoId as URL Query String Parameters
/profiles/{id}
/profiles/profile then check 'Invoke with caller credentials'
If it is an API where any authorized user can get anyone's username by passing a unique ID, then you could use something like this: /profiles/{id} For example, https://api.github.com/user/1
If it is an API that returns the username of the caller by using the cognito ID, then /profiles/profile should work. See $context.identity variables in documentation to fetch the cognito ID.