I'm using GraphAPI getting users by email for months. Something happened to a specific user. Right now I can't get this user using the following approach:
signInNames/any(x:x/value eq '{email}'
This is working with all users excepting the one I said before.
I'm getting this when trying to retrieve by email:
{
"odata.metadata": "https://graph.windows.net/jsmaddev.onmicrosoft.com/$metadata#directoryObjects",
"value":[]
}
If I try to get by ObjectId I can access user's info but the signInNames seems to be empty:
"signInNames":[]
Is there something that could cause this? You should remember that this particular access was working as intended.
Thanks!
This is normal. The filter signInNames/any(x:x/value eq '{email}' returns the users whose signInNames.value equals the email.
The signInNames part sample:
"signInNames": [
{
"type": "userName",
"value": "AlexW"
},
{
"type": "emailAddress",
"value": "AlexW#example.com"
}
]
If I try to get by ObjectId I can access user's info but the signInNames seems to be empty
Since the signInNames property is empty, "signInNames":[], it will returns the "value":[].
You should remember that this particular access was working as intended.
Of course, if the signInNames is not empty, it will work fine.
Related
I want to assign the realm role "TEST_ROLE_123" to a group, I am using
PUT /admin/realms/ataccamaone/groups/{group-id}
{
"realmRoles":["TEST_ROLE_123"]
}
I got group-id from /admin/realms/ataccamaone/groups/
However I get the response 204 No Content and in the Keycloak console I do not see the assignment.
I tried to reproduce your problem and find that PUT /admin/realms/ataccamaone/groups/{group-id} can only edit group name.
Inspect into "Network" tab of browser, I see it uses another URL to map roles to groups. And steps to do this via Admin REST API are:
Obtain PAT as described in https://www.keycloak.org/docs/latest/authorization_services/index.html#_service_protection_whatis_obtain_pat section
Following steps use this PAT as Bearer token (in "Authorization" header). I guess you've already got this.
Call GET http://localhost:8080/auth/admin/realms/realm1/roles to get list of roles, including their name and id values.
Call GET http://localhost:8080/auth/admin/realms/realm1/groups to get list of groups, including their ids
Call POST http://localhost:8080/auth/admin/realms/realm1/groups/{group-id}/role-mappings/realm with following body:
[
{
"id": "9083cac3-4280-497d-b973-7713a5fb12b4", // role-id
"name": "secretary" // role-name
}
]
Call DELETE with URL and body same as step 4 to remove roles from group.
I've faced same issue and corrected it with using a GROUP, Basically I've added the preferred ROLE into the User Groups ROLE LIST and used that specific user group while creating the user via REST API.
Eg:- ADMIN_USER_GROUP -> INCLUDED ('ADMIN_ROLE')
Then User creation API Request should be like below,
{
"firstName": "Sergey",
"lastName": "Kargopolov",
"email": "test4#test.com",
"enabled": "true",
"credentials": [
{
"value": "123"
}
],
"groups": [
"ADMIN_USER_GROUP"
]
}
I am facing the following issue while getting files/folders for OneDrive of a user.
On hitting
https://graph.microsoft.com/v1.0/users/{user-id}/drive
I get this in the response:
"quota": {
"deleted": 0,
"remaining": 0,
"total": 0,
"used": 0
}
which denotes that the drive isn't being used or is empty.
On hitting
https://graph.microsoft.com/v1.0/users/{user-id}/drive/root
I get the response -
"folder": {
"childCount": 21
},
"root": {},
"size": 281236319
Here, it denotes that there are 21 files/folders in the drive's root folder and they occupy 281.23 MB of space.
Now, on hitting https://graph.microsoft.com/v1.0/users/{user-id}/drive/root/children
I get empty vector in the response -
{
"#odata.context": "https://graph.microsoft.com/v1.0/$metadata#users('user-id')/drive/root/children",
"value": []
}
There are files present in the drive. But I am not able to get them via the children API.
Any help in understanding these 3 different results and getting the response would be appreciated
Thanks.
This issue is caused by calling the using the incorrect URL. The docs don't make it very clear but the URL:
https://graph.microsoft.com/v1.0/me/drive
Does not work if the 'Drive' is actually part of a share point instance. Although the UI says "Drive" when logged in as the user, the URL contains reference to being share point.
The correct url to use is actually:
https://{tenant}-my.sharepoint.com/_api/v2.0/drives/{drive id}/root/
Once your user is authenticated and you retrieve an Access Token on behalf of that user. You would simply call this endpoint:
https://graph.microsoft.com/v1.0/me/drive/root/children
You may also want to look into a folder on that users OneDrive as well:
https://graph.microsoft.com/v1.0/me/drive/root:{/Folder-Path}:/children
Your URL is correct as well and should work as I just tested using my 'user-id' and was able to retrieve the files in my onedrive.
https://graph.microsoft.com/v1.0/users/{user-id}/drive/root/children
References:
https://stackoverflow.com/a/46614072/6559330
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/driveitem_list_children
You must use the scope Files.Read.All or Files.ReadWrite.All. In doing so, your requests to will no longer return an empty array.
I'm adding custom data to Meteor user accounts for the first time. I've been able to add custom fields without difficulty and I know they're there because I can see them in Mongol. I am publishing via a global subscription so how do I then go about reading data from individual fields? It seems the syntax is very different from that when using publish/subscribe methods.
So, I have user accounts like this (as seen in Mongol):
"_id": "#################",
"profile": {
"name": "Test User"
},
"customfields": {
"customfield1": [
"A","B","C"
]
}
}
In server/main.js I have the following
Meteor.publish(null, function() {
return Meteor.users.find(this.userId, {fields:{customfields:1}});
});
This seems to be publishing fine. But what code do I use to render the cursor as data? I've been using variations on code like this in client/main.js and having no success:
var stuff = Meteor.users.find(this.userId).fetch();
console.log(stuff.customfield1);
Any help appreciated.
MyCollection.find() returns a cursor whereas MyCollection.findOne() returns an object, i.e. a single mongodb document.
A publication must return a cursor or array of cursors. You publication is fine.
You are basically trying to make the customfields key of the user object visible on the client. (The profile key is automatically published by Meteor).
On the client, where you are doing:
var stuff = Meteor.users.find(this.userId).fetch();
You can simply use:
var stuff = Meteor.user();
or
var stuff = Meteor.users.findOne(Meteor.userId());
Then stuff.customfields will contain what you're looking for.
The second form is way too verbose for me unless you're looking for a different user than the logged in user.
Note: this.userId on the client will not be the userId of the current user, it will be undefined. That only works on the server. That may actually be the root cause of your problem. In addition, your publications must be ready() for the data to be available. This isn't true immediately after login for example.
Since customfield1 is nested in customfields, did you try stuff.customfields.customfield1?
For creating a group, a user and assigning the user to that group, I referred this link Add permission profile through API.
Using REST APIs I am able to do that but permission for user is not getting set.
When I check in DocuSign, group is having correct permission set but same is not set for a user. Please let me know if I am missing anything.
Additional Information: This is the request I am sending
{
"newUsers":[{
"email":"'.$email.'",
"userName":"'.$userName.'",
"password":"'.$password.'",
"groupList": [{
"groupId": "'.$groupId.'",
"groupName": "'.$groupName.'",
"permissionProfileId": "'.$permissionId.'"
}]
}]
}
Also, when a user is added to a group, permissions set at group level will be applied to the users. Is there something missing?
When you create a permission profile you use this endpoint:
POST {vx}/accounts/{accountid}/permission_profiles
the response body for that endpoint should contain this info ( I omitted some details from the response)
{
"permissionProfileId": "sample string 1",
"permissionProfileName": "sample string 2",
...
}
Once you have the permissionProfileId and permissionProfileName you should be able to assign that permission profile to a user using this endpoint:
PUT {vx}/accounts/{accountid}/users/{userid}
and using the permissionProfileId and permissionProfileName in your request (I used dummy values here):
{
"permissionProfileId": "12345",
"permissionProfileName": "SomeName"
}
I hope that helps!
-Yadriel
According to the Facebook Graph API documentation, the fields param acts as a result mask:
By default, most object properties are returned when you make a query.
You can choose the fields (or connections) you want returned with the
"fields" query parameter.
Indeed, this works fine for most fields. For instance, /7354446700?fields=name,picture returns:
{
"name": "Grooveshark",
"id": "7354446700",
"type": "page",
"picture": "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-snc4/203560_7354446700_6819703_q.jpg"
}
However, for some reason, as soon as the likes field is added to the fields list, things break down. For instance, /7354446700?fields=name,picture,likes returns:
{
"name": "Grooveshark",
"id": "7354446700",
"type": "page",
"picture": "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-snc4/203560_7354446700_6819703_q.jpg",
"likes": {
"data": [
]
}
}
Even more strange, if I omit the other two fields (name and pictures), sending only likes, I get
{
"likes": {
"data": [
]
}
}
The reason I find this extra-strange is because the "mandatory" fields (id and type) which should be added to every response are not included here (although they were included when fields=name,picture,likes).
What appears to be happening is that the field=likes parameter appears to be misinterpreted as a Connections request rather than simply a field mask, hence the data segment that normally appears when you'd call /7354446700/likes.
Is there a good reason for this? Is there any other way to get the likes field without fetching the entire object? I can't imagine this would be expected behavior, so I assume it is a bug, but I thought I'd ask here first before filing one.
This indeed appears to be a bug; I've checked internally and there's an as yet unresolved task open to fix this issue which was reported to us in our bug tracker previously.
In the meantime, the default return value for a page will include the 'likes' field even if it cant be retrieved solely.