When I register a Desktop application, I get to choose from one of the following Redirect URIs:
What is the 1st one (msal<client_id>://auth)? What standard does its format come from?
What is the 1st one (msal<client_id>://auth) ?
msal<client_id>://auth is a Desktop/Mobile redirect URI (reply URL): the location where the authorization server sends the user once the app has been successfully authorized and granted an authorization code or access token. The authorization server sends the code or token to the redirect URI, so it's important you register the correct location as part of the app registration process.
For more information on the format and the maximum number of redirect URIs, you can follow this MS document.
What standard does its format come from?
When you are adding a redirect URL for a Mobile+Desktop application, you don't need to add a redirect URI (if you're building a Xamarin Android and iOS application) that doesn't support the broker redirect URI. It is automatically set to msal{ClientId}://auth for Xamarin Android and iOS.
You can override the redirect URI by using the RedirectUri property (for example, if you use brokers). Here are some examples of redirect URIs for that scenario:
• RedirectUriOnAndroid = "msauth-5a43469XXXXXc://com.microsoft.identity.client.sample";
• RedirectUriOnIos = $"msauth.{Bundle.ID}://auth";
Please refer to this MS document for more information.
Related
Trying to allow my application to read my gmail.
Created OAuth 2.0 client, set up redirect urls for it.
Started service and got prompt
Please visit this URL to authorize this application:
But this url has incorrect redirect_url param (it sets localhost:xxxxx where port is always a random number). This URL is not what I set up creating OAuth client (my redirect uris are on the same host as my application). So I can't authenticate my service to my gmail. Why?
Should the redirect uri return smth? I've read all the related questions, but can't find an answer.
I've created a web application using Node.js that relies on a Google API (specifically the DCM/DFA reporting API). It redirects the user to log in to their Gmail account, and after a successful login redirects back to the web application.
Suddenly my company has told me that this web application needs to be restricted to internal use only, and that they won't host it on a public domain for security reasons.
Is there any way to get OAuth to redirect to the internal domain? When I try to set the redirect domain in the Google Developers Console I get an error message that it is not valid. Is there any way around this?
The sample redirect url you can add at Console and Code is:
http://localhost:8080/authcallback
(Remember to not add trailing / in url)
I am programming a command line tool (installedApp) that will need access to the Google Sheets of the user. For this I need to get an access token from the user.
I am following these guidelines OAuth2InstalledApp. So far I managed to get the authorization code by using the http://localhost type of redirect_uri. I specified http://localhost:7373/authorizationCode as the redirect_uri and I have a local server listening on port 7373.
But when I make the request to get the access token, I get an HTTP 400 Bad request response with a redirect_uri_mismatch error. When I make the request, the redirect_uri is defined as "The redirect URI you obtained from the Developers Console". Which is kind of wrong because when you create an Installed app you don't have the ability to specify a redirect uri (only with web apps). https://infinit.io/_/i48b2rM
So my question is what am I doing wrong?
When you create a client ID in the Google Developers Console, two redirect_uris are created for you: urn:ietf:wg:oauth:2.0:oob and http://localhost. Also you can consider urn:ietf:wg:oauth:2.0:oob:auto. The value your application uses determines how the authorization code is returned to your application. choose a redirect uri
I've set up my SharePoint 2013 on prem site to accept authentication from Google and Windows Live. Windows Live login works for the most part. I've set up an ACS in Azure where I've specified the return URL after the user signs in. I have entered the same return URL in the Google Developers console.
However, after the user logs in to their Google account, they get the following error:
Error: redirect_uri_mismatch
Application: Test
You can email the developer of this application at: myemailaddress#copmany.com
The redirect URI in the request: https://mysite.accesscontrol.windows.net:443/v2/openid did not match a registered redirect URI.
Can anyone tell me what I am doing wrong here, especially since the return URLs are the same in Google Developer Console > Credentials, as well as Azure ACS > Relying party applications.
Edit: The redirect URL is https://subdomain.mydomain.com/_trust in both Google Developers Console and Azure ACS.
Thanks!
You'll note the page is being served by Google (with its little broken robot thingy). So the problem is at their end.
Though it's not actually a problem but rather a security measure in that you have to explicitly enable the redirect url. Otherwise some level of hijinks may ensue, at your expense.
So you need to log into your Google developer console and add the redirect url of your Azure ACS account (not your web app / relying party) to the permitted redirect URLs.
So the image above is obviously after I had already entered the redirect Url.
Click the edit button and add it on a separate line.
And you're done.
Otherwise, judging by your edit, it looks as though you have simply used the wrong URL. You use the ACS callback URL, not your website URL, as the flow goes back through ACS, which reissues the token in its own format.
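As an added example (not code from any of the posts above, and not Google's or Azure's implementation): a checker that applies the simple string comparison RFC 6749 section 3.1.2.3 specifies for fully registered redirect URIs, and reports which component differs from the closest registered entry. The registered list is constructed from URLs quoted on this page; `splitUri` and `checkRedirectUri` are hypothetical helper names.

```javascript
// Constructed sample: registered URIs taken from URLs quoted on this page.
const REGISTERED = [
  "https://subdomain.mydomain.com/_trust",
  "http://localhost:8080/authcallback",
];

// Split a URI into components WITHOUT normalising it (the built-in URL class
// would drop ":443" and hide that difference). Simplified for this sketch:
// no userinfo and no IPv6 literals.
function splitUri(uri) {
  const m = /^([A-Za-z][A-Za-z0-9+.-]*):\/\/([^\/?#:]*)(?::(\d*))?([^?#]*)(\?[^#]*)?(#.*)?$/.exec(uri);
  if (!m) return null;
  return {
    scheme: m[1], host: m[2], port: m[3] ?? "",
    path: m[4], query: m[5] ?? "", fragment: m[6] ?? "",
  };
}

// Exact string match decides the result; the component diff is only a
// diagnosis against the registered URI with the fewest differing components.
function checkRedirectUri(requested, registered = REGISTERED) {
  if (registered.includes(requested)) {
    return { ok: true, closest: requested, differences: [] };
  }
  const req = splitUri(requested);
  if (!req) return { ok: false, closest: null, differences: ["unparseable"] };
  let best = null;
  for (const candidate of registered) {
    const reg = splitUri(candidate);
    if (!reg) continue;
    const diffs = Object.keys(req).filter((k) => req[k] !== reg[k]);
    if (!best || diffs.length < best.differences.length) {
      best = { closest: candidate, differences: diffs };
    }
  }
  return best
    ? { ok: false, ...best }
    : { ok: false, closest: null, differences: ["nothing registered"] };
}

// The ACS callback from the error message, then the trailing-slash case.
console.log(checkRedirectUri("https://mysite.accesscontrol.windows.net:443/v2/openid"));
console.log(checkRedirectUri("http://localhost:8080/authcallback/"));
```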
I'm working on connecting Nest and SmartThings and I'm running into an issue with the redirect url for auth. SmartThings requires a redirect url that will be different for every user. But it appears the Nest API will only redirect back to exactly the URL provided in client settings. Am I missing something? I would rather not use pin auth as forcing users to remember the pin isn't ideal.
Nest does not support wildcard redirect URIs. It is expected that you run your own server to capture the response (which can then redirect to user- or device-specific services as needed).
The PIN flow only requires the user to enter the PIN number only once to pair, after that the client app can generate a token that is good for the life of that app. (For all practical purposes)
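One way to build the relay server this answer describes, as an added example (not Nest's or SmartThings' code): a single fixed callback that uses a one-time `state` value to look up the per-user destination stored server-side, so the forward target never comes from the callback's query string. `ALLOWED_ORIGIN`, `ALLOWED_PATH_PREFIX`, the function names and all URLs are hypothetical, constructed values.

```javascript
const { randomBytes } = require("crypto");

// Constructed values: the only origin and path prefix the relay forwards to.
const ALLOWED_ORIGIN = "https://graph.example-hub.test";
const ALLOWED_PATH_PREFIX = "/api/token/";
const STATE_TTL_MS = 10 * 60 * 1000;

const pending = new Map(); // state -> { destination, expires }

// Called before sending the user to the authorization server. The per-user
// destination is validated after URL normalisation, so "../" segments or a
// look-alike host cannot escape the allowed prefix.
function beginAuthorization(userDestination, now = Date.now()) {
  const u = new URL(userDestination);
  if (u.origin !== ALLOWED_ORIGIN || !u.pathname.startsWith(ALLOWED_PATH_PREFIX)) {
    throw new Error("destination not allowed");
  }
  const state = randomBytes(16).toString("hex");
  pending.set(state, { destination: u.toString(), expires: now + STATE_TTL_MS });
  return state; // send as the `state` parameter of the authorization request
}

// Handler logic for the single registered redirect URI. `query` is the parsed
// query string of the callback request.
function handleCallback(query, now = Date.now()) {
  const entry = pending.get(query.state);
  pending.delete(query.state); // state is single-use
  if (!entry || entry.expires < now) {
    return { status: 400, body: "unknown or expired state" };
  }
  if (!query.code) return { status: 400, body: "missing code" };
  const target = new URL(entry.destination);
  target.searchParams.set("code", query.code);
  return { status: 302, location: target.toString() };
}
```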