I have followed this tutorial (https://medium.com/authpack/easy-google-auth-with-node-js-99ac40b97f4c) to create a simple Google OAuth and I have accomplished it successfully.
Now I am trying to do the same with Microsoft and I cannot.
I have ready a lot of posts about it, but I am failing.
I have one app in the Azure Dev Portal, I have tried to send the user to the URL https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={{my_clien_id}}&response_type=code id_token&scope=https://graph.microsoft.com/email, but I am receiving error messages only.
How can I have the user email using the Microsoft OAuth?
If you are looking for user email accounts as AD user accounts or office 365 accounts then you can go for Azure Active directory app.
If you are considering social logins like facebook or google or Microsoft then you need to search for Azure Ad B2C.
Here are some article which can help you:
Azure AD B2C
Azure AD
Related
I have my website integrated with Live SDK applications to allow customers to login to their MSN, Hotmail, Outlook, etc. email accounts and invite friends to my website by reading the contacts. This used to work properly but now it's not working anymore.
When I use the App ID / Client ID from the old Application Registration Portal (https://apps.dev.microsoft.com) I get the following message when I try to login using my Microsoft account.
invalid_request: The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.
I see from the Application Registration Portal that I can now use Azure to manage my App Registrations, so I basically setup the same app under Azure with the following criteria.
Authentication: Selected Web and setup the same Redirect URI I was using previously when this was working.
API Permissions: I added "Microsoft Graph" with email, Contacts.Read, openid, profile, and User.Read.
And when I try to login to my Microsoft account using my Azure app Client ID / App ID I get the following message.
unauthorized_client: The client does not exist or is not enabled for consumers. If you are the application developer, configure a new application through the App Registrations in the Azure Portal at https://go.microsoft.com/fwlink/?linkid=2083908.
Should I try making this work using Azure instead of Application Registration Portal credentials? If so, why is it saying "unauthorized_client" when I try to login?
Thank you!
Register your Azure AD app as Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox).
My company has developed a web-based application for internal and external use. The application is developed by angular + asp.net WebApi and authorised by OAuth. Users have to use the username and password given by us to login. The application works well. Recently, clients made a new request to login our system through Azure AD SSO. They want us to integrate their Azure AD.
Requirements:
On login page, there should be a new option for users to login our system by connecting to their Azure AD.
Alternatively, if their employees are connected to their system and then visit to our website, they will be automatically logged in our website without entering username and password.
I have no knownledge about Azure AD SSO and still get confused even I did some search on google. Can someone give me some advice or hints?
Using Msal with Angular you can implement the Azure AD SSO login. There are multiple code samples and microsoft documents available to achieve your requirement.
Please go through the documentation and code Sample.
In the Angular sample there is a function as mentioned below which verifies the user credentials if the user is already logged in or not.
checkoutAccount() {
this.loggedIn = !!this.authService.getAccount();
}
I have registered a multi-tenant app in my Azure subscription. using this App, I want to create an OAuth flow for my client to be able to give me permissions to create an app in his active directory.
We are using OpenID connect flow to access the Azure AD graph API.
In spite of making our app multi-tenanted via the console, we are getting the following error when the client (xyz#outlook.com) tries to sign in:
User account 'xyz#outlook.com' from identity provider 'live.com' does not exist in tenant 'Default Directory' and cannot access the application 'bf5ca806-xxxx-xxxx-xxx-xxxx' in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account
I used the following endpoint to get an access token:
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=xxxxxxxx-xxxx-xxxxx-xxxx-xxxxx
&response_mode=form_post
&response_type=code+id_token
&redirect_uri=http://localhost:8080
&prompt=admin_consent
&nonce=1234
&resource=https://graph.windows.net
Please help me to resolve this error
Unfortunately, you cannot use a guest user to login Azure AD Graph Explorer for now.
I came across the same issue as yours long time ago and I understand it's very important for customers. So, you can post your idea in this User Voice Page and the Azure Team will see it. I will also upvote for it.
But there are other solutions if you don't mind:
Solution 1: Try to use an internal account of that directory which upn ends with .onmicrosoft.com
Solution 2: Try to use other tools to get access token with a guest user(this account also need to be an admin of that directory), such as postman. Then you can use Postman to call Azure AD Graph API. You can refer to this blog to use Azure AD Graph API with Postman.
Hope this helps!
I would like to take user details from Microsoft AZURE Active Directory and let that user login through auth0.
Additionally I want all the user in azure active directory to get provisioned into auth0 database.
To enable the app to authenticate with auth0 which also support Microsoft Azure AD accounts, we need to config auth0 to connect the Azure AD. You can refer this document for the detailed steps.
And after you login using the Azure AD account, it should be provisioned into auth0 database automatically. You can check the uses using the API Explorer provided by auth0 to check the users.
I created a B2C AD in my developer account on Azure.
In this environment I have users created in my personal AD, and users in AD B2C (where the user can log in with: twitter and facebook).
I found an ASP.NET project that logs in to these two ADs, but with two types of logins, one for normal AD and one for AD B2C. And from what I've researched, the only way to log in to these two different ADs is this way.
Does anyone know of a way to make a single login in these two ADs?
You could do it now with custom Azure AD B2C policies. It is however quite an advanced scenario.
Using them you could put all authentication behind B2C. User could choose to sign in against your Azure AD or through Twitter or Facebook on the B2C sign-in page instead of your application.
Custom policies: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-overview-custom
Documentation on using Azure AD as a provider in B2C: https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-aad-custom
GitHub repo with examples: https://github.com/Azure-Samples/active-directory-b2c-advanced-policies
Thanks for the quick response.
I tried to do this but could not find the settings needed to put Twitter, Google and Microsoft. For Facebook and other AD worked.
I found a post, that Microsoft will soon make available an "Identity Provider" to validate the user in another AD.
For now, I'll put two Sign-in in my application, one for the company's AD and another for the B2C AD.
I am now looking for a way to get the user's profile in AD (Name, First Name, Last Name, Job Title, Departament, ....).
Once this is done, I'm going to make a DEMO and publish it to github, I think this will help a lot of people.