Jump to content
View in the app

A better way to browse. Learn more.
FMForums.com

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Add Oauth users with script step

3a35d4
in Script Workspace and Script Triggers

Featured Replies

  • Newbies

Why can I not add Azure AD authenticated accounts with the Add-Account script step.

I have users authenticating in AAD who need to invite other AAD users to my filemaker application. If scripting is not possible then they will all have to be entered manually. Why is this not possible? I saw this, https://community.filemaker.com/en/s/question/0D50H00006h9Eaz/add-account-missing-oauth-users but there wasn't any explanation of why it wasn't possible. This seems like it could be done exactly the same as local accounts, but instead, the feature is simply missing.

Edited by 3a35d4

For  best results, use Group-based OAuth authentication.  That way you never have to add users through scripting in FM, the invites and membership are handled on the Azure AD side only.

As to why it is not possible: you cannot add on-prem AD or OD or local groups or individual users either, the whole point of using External Authentication is that you have to NO account management in FM at all.

  • Author
  • Newbies

That was the original plan however different users in each group need different privilege sets based on their role in the organization, to restrict the tables/layouts that they can view. I don't see any way this would be possible if they're grouped.

 

Then create new groups, AD supports group-in-group memberships. It is not uncommon to create groups specific to an application or service. 
 

  • Author
  • Newbies

How would I go about viewing the group claims from the Azure AD JWT token? Is there any easy way that I can access these from within FileMaker? Or would I have to request them from the MS Graph API after I've already logged in?

You don't need to view the group claims to make the authentication works.  FMS receives the JWT token, decodes it and checks the groups in the groups claim against the name of the accounts (group based) that exist in the file.  At the first match it assigns the priv set for that account.

All of this happens in the background automatically.

If you need the list of groups for a user for some other reason then yes: you'll need to use the Graph API to ask for them. 

Create an account or sign in to comment

https://fmforums.com/topic/105631-add-oauth-users-with-script-step/
Go to topic listing

Important Information

By using this site, you agree to our Terms of Use.

I accept

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.