I am trying to integrate Azure's AD in my spring-boot app. I have pushed the project onto github (https://github.com/praveenk007/azure-ad).
The authorization code is generated and redirected to below redirect URI:
https://localhost:8081/login?code=OAQABAAIAAAAm-06blBE1TpVMil8KPQ41GNiib9Q4VuBeBjtPhyypfg50XD6swPFt4jE4G1sEaG0zuxgPdGnS43ygiZ2dZB7nxuaXSnbqMzEtdEbMiKmTlYb343BpHOD2xL0dpkkTZQk8kesIwjzzE7B3aHG7xFEhITzuBsctrbBadsUuykNdVq8CCRIYQHuxwSA2g59LDoRrJPbGncKtfDgoMNUxPk0gpJwxCf4KttbA3qe8BTXweYdYaZ5mJs2x2blY3hTVId9PDEFGS_XULvHMAMR3Q6af_B2T2TwLlOKufVYcX6R5nQTaYtpSQXqrCd2TYbBZ8Oj-B4lKpw1Ds6OC6R-wvFR6TpWRNlqzItaE0I3KlKTN5EFDso74A2Ky1B52waG5FCwWSwD4-kchKl-IEBRgPUd5UzHOlHECs_TZQpvwvMtek-4IYe0ErgvP1b3S8_qDh9ALsyNYLtdRJXaBfaXi7wGZKoiPIu3PTLExAMdYscHCJ5YaK5jx-bgkX1FrHdOjxXrgjnoo6tE-jCrRBVi9xGpK23PLOpSkj38Rm2-SpjAhpzKpZZSnKFkIWUZ9ZzRX4PFrTo3Zp7BE_VcFqxU1F5AEFyj8KpH0I6QOvtjLHLIHMSAA&state=CvSY3DNRqCWUYPA6V51nJa3cpvzxCUu_JKfMgsOInFA%3d&session_state=442a62c2-8534-4412-8368-e87a4afbd88d
But I see this login page again:
I didn't see any calls to fetch token in the debug logs. Ideally the framework should have handled that flow.
I have another project which is non reactive and that works without any additional code.
Tried searching online, but there are no documents on integrating azure in reactive environment.
Kindly help me fix this.
You are trying to implement Code Grant flow. This flow needs to implement two requests in order to get the token. The first request is to get the code and the second request is to get the token with the help of code we got from the first request.
So, You have successfully completed the first request. You need to pass the code you have got in the above image you have shared as a post request to the Authentication Server to get token. Please go through Microsoft Document for more details.
The second request which helps you to get token looks like below
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh
Ok. I figured this out. The redirect-uri was incorrect. Changed to https://localhost:8081/login/oauth2/code/azure and it worked.
Thanks.
Related
I have an issue when trying to hit an endpoint in business central though a node application.
Using OAuth2 in postman I am able to get a desired response as seen below
This my configuration for Authorization:
but when trying to hit the same endpoint in Node using MSAL I get a 401 response.
This my configuration
I even tried taking the token generated by postman and inserted it into my application and was able to hit the endpoint with the desired response. I'm not sure what is missing from my application that's causing it to get a token that when used returns a 401 response.
What's missing from my application or is it something that I need to do in Azure or Business Central ?
I'm not an expert on Node, but I have used MSAL with PowerShell.
Getting the token through MSAL.PS (the PowerShell module for MSAL) you have to set the Scopes that you are requesting a token for.
In this case the scope should be https://api.businesscentral.dynamics.com/.default when you want to access the Business Central APIs.
We are currently integrating with the DocuSign click API. We are are using JSON Web Token Bearer (JWT) grant and the following calls are working fine.
GET /clickapi/v1/accounts/{accountId}/clickwraps?status=active
GET /clickapi/v1/accounts/{accountId}/clickwraps/{clickwrapId}/users?client_user_id=<clientUserID>
To hide {accountId} and {clickwrapId} from the UI, I was trying to follow this approach React Docusign Clickwrap Credentials
But I am getting response 401-Unauthorized when I tried to call api POST /clickapi/v1/accounts/{accountId}/clickwraps/{clickwrapId}/agreements with body
{
"clientUserId": "..."
}
These are the authentication scopes set: impersonation,signature and click.manage.
In API Documentation there is nothing related with that POST api. Is that a valid API? why I am getting 401?
It appears you also need the click.send scope for this Click API endpoint.
I'll request we update the documentation to reflect that. Sorry about the confusion.
+1 to above. Thank for reporting this issue as well. We're aware that the endpoint you callout above (/clickapi/v1/accounts/{accountId}/clickwraps/{clickwrapId}/agreements) isn't listed under the Clickwrap documentation. We're working on resolving that asap.
I'm using Microsoft Graph to access a user’s Microsoft account data from within a Node.js web application, to call rest APIs. But once authentication done, instead of return to ReturnURL, I'm getting ERR_TOO_MANY_REDIRECTS in the browser.
Below is the Node application, I'm using:
https://github.com/microsoftgraph/msgraph-sdk-javascript
As I see, it seems like some how access token is conflicts and due to that passport is not able to authenticate my requests.
Can someone please help me out here, where I'm missing here. I didn't make any major changes in the app.
Please let me know if someone need more info.
Thanks.
I've seen a couple of examples of this occurring. It's hard to tell exactly what is happening from the limited information you've provided but here are some examples of what I've seen in the past:
redirect_uri pointing to an endpoint that automatically redirects the user back to https://login.microsoftonline.com/common/oauth2/v2.0/authorize?. This results in an infinite loop.
redirect_uri is returning a HTTP 3xx status indicating a redirect (301, 302, 303, 307, 308).
redirect_uri is pointing to a page that checks for an authenticated user. Since the user hasn't authenticated yet (you've got an authorization_code but not an access_token yet) it triggers the authentication workflow again.
Currently I try to implement user authorization into an iOS app. Therefore we use Active Directory B2C.
Everything works fine, except the refreshing of my expired tokens. I call the request url (fabrikamb2c.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_sign_in) to get an access_token and a refresh_token. The response seems to be valid and the access_token works very well as long as it's not expired.
But if I want to get a new token (like it is described here: OAuth 2.0 authorization code flow; see chapter 4) the request just gets responded with a 400: Bad Request.
I can't find out, what I am doing wrong. Do you guys now a way, how to debug these requests or have some kind of checklist what needs to get configured within the Azure portal?
Thanks!
Edit: this is the request I am using:
POST /xxx.onmicrosoft.com/oauth2/v2.0/token?p=b2c_1_local-account-signupin HTTP/1.1
HOST: login.microsoftonline.com
content-type: application/x-www-form-urlencoded
content-length: 1148
client_id=xxx&refresh_token=xxx&grant_type=refresh_token&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Thanks everyone for trying to solve my problem! It came out, that the refresh_token I was using was invalid. So if you are sure, that the request is correct, and you get just a Bad Request response, check the parameters one more time.
I believe you need to specify a value for the scope parameter. The scope parameter is used to inform B2C which resource you are requesting a token for. At this time you'll most likely want to use scope=<client_id> or scope=openid.
I'm having a hard time receiving an access_token and refresh_token via the OAuth 2.0 API of Azure AD B2C.
I'm following the official guide describing the OAuth 2.0 authorization code flow.
Receiving an authorization_token via the interactive login website provided by Microsoft works fine (URL: https://login.microsoftonline.com/[MY_TENANT]/oauth2/v2.0/authorize?client_id=[CLIENT_ID]&response_type=code&response_mode=query&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=[CLIENT_ID]%20offline_access&p=[MY_SIGNUP_SIGNIN_POLICY]).
However, when trying to get an access_token via a simple POST request as stated in the documentation, I'm getting a 404 Not Found with the following POST request:
URL: https://login.microsoftonline.com/[MY_TENANT]/oauth2/v2.0/token?p=B2C_1_sign_in
Header: Content-Type application/x-www-form-urlencoded
Payload: grant_type=authorization_code&client_id=[CLIENT_ID]&scope=[CLIENT_ID]%20offline_access&code=[AUTHORIZATION_CODE]&redirect_uri=urn:ietf:wg:oauth:2.0:oob
Is the documentation wrong at that point?
Note: I'm not able to use any existing .NET or Java libraries providing this login procedure due to framework reasons. A C++ library would do.
I so very much want them to implement the usual complete headless OAuth2 protocol in a standard-conformant way ...
The problem was my misunderstanding of the documentation.
The policy (query parameter p) must be the same in all cases. Thus, the URL for the POST request has to be:
https://login.microsoftonline.com/[MY_TENANT]/oauth2/v2.0/token?p=MY_SIGNUP_SIGNIN_POLICY
Where MY_SIGNUP_SIGNIN_POLICY is exactly the same as in the login URL.