We have set up an application to use Azure AD (Social Sign-In) to authenticate users. Authentication now works.
But I cannot figure out how to use Azure group membership or Azure roles to determine what roles an APEX user has.
ChatGPT suggests this function. It makes perfect sense. It allows APEX to check if the current user is a member of a group by returning a boolean value. ChatGPT suggests that I designate the code in a Type field but I cannot find it.
function is_member_of_group(p_group_name varchar2) return boolean is
    l_clob clob;
    l_token varchar2(4000);
    l_username varchar2(4000);
    l_group_exists boolean := false;
begin
    -- Retrieve the user's access token
    l_token := apex_authentication.get_access_token('AZURE_AD', 'USER_ACCESS_TOKEN');
    -- Retrieve the user's username from session state
    l_username := :APP_USER;
    -- Call the Microsoft Graph API to retrieve the user's group membership information
    l_clob := apex_web_service.make_rest_request(
        p_url => 'https://graph.microsoft.com/v1.0/users/' || l_username || '/memberOf',
        p_http_method => 'GET',
        p_parm_name => apex_util.string_to_table('Authorization,Bearer ' || l_token),
        p_parm_value => apex_util.string_to_table(null),
        p_wallet_path => null,
        p_wallet_pwd => null,
        p_proxy_override=> null);
    -- Check if the user is a member of the specified group
    for i in 0..json_array_size(l_clob)-1 loop
        if json_value(json(l_clob), '$[' || i || '].displayName') = p_group_name then
            l_group_exists := true;
            exit;
        end if;
    end loop;
    -- Return the result
    return l_group_exists;
exception
    when others then
        -- Handle errors here
        return false;
end;
If this is correct, where should I put it?
I have also looked at the article
https://oracle-base.com/articles/misc/azure-ad-authentication-for-oracle-apex-applications
The example also makes sense even though I don't understand how it is possible to call Azure without some sort of access token. But also it only extracts the full name and does not serve my purpose.
Any suggestions?
Thanks in advance
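An added example, not part of the original post or of the ChatGPT-suggested code: a Microsoft Graph `memberOf` response wraps its entries in a `value` array, and an authorization check over it is safer when it matches the group's object id and treats error or paginated responses as failures. The helper name `body_has_group`, the sample body and the placeholder ids are constructed for illustration; the sketch assumes the response body has already been fetched and that the database provides `JSON_OBJECT_T` (Oracle 12.2 or later).

```plsql
declare
  -- Constructed sample of a Graph memberOf response body (placeholder ids, not real data).
  c_sample constant clob :=
    '{"value":['
    || '{"@odata.type":"#microsoft.graph.group",'
    ||  '"id":"00000000-0000-0000-0000-0000000000a1","displayName":"Finance"},'
    || '{"@odata.type":"#microsoft.graph.group",'
    ||  '"id":"00000000-0000-0000-0000-0000000000b2","displayName":"APEX Admins"}]}';

  -- Hypothetical helper: true only if p_body lists the group with object id p_group_id.
  function body_has_group(p_body in clob, p_group_id in varchar2) return boolean is
    l_doc   json_object_t;
    l_items json_array_t;
    l_item  json_object_t;
  begin
    l_doc := json_object_t.parse(p_body);
    -- A Graph error body has "error" and no "value": a failure, not "no groups".
    if not l_doc.has('value') then
      raise_application_error(-20001, 'memberOf response has no "value" array');
    end if;
    l_items := l_doc.get_array('value');
    for i in 0 .. l_items.get_size - 1 loop
      l_item := treat(l_items.get(i) as json_object_t);
      -- Compare the immutable object id; displayName is neither unique nor fixed.
      if lower(l_item.get_string('id')) = lower(p_group_id) then
        return true;
      end if;
    end loop;
    -- More pages exist, so "not found" is not yet a final answer.
    if l_doc.has('@odata.nextLink') then
      raise_application_error(-20002, 'memberOf response is paginated; follow @odata.nextLink');
    end if;
    return false;
  end body_has_group;
begin
  -- Constructed checks: one id present in the sample (different letter case), one absent.
  dbms_output.put_line(case when body_has_group(c_sample, '00000000-0000-0000-0000-0000000000B2')
                            then 'member' else 'not member' end);
  dbms_output.put_line(case when body_has_group(c_sample, '00000000-0000-0000-0000-0000000000c3')
                            then 'member' else 'not member' end);
end;
/
```

Any exception raised by the helper leaves the caller without a `true` result, so a malformed or incomplete response never grants access.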