I have a mobile app, in which am i need to read a list from SharePoint online. But I cannot able to login to the Sharepoint api using Azure AD.
I have tried many approaches like passing client ids, all the responses are like redirecting to the domain, but I don't have any domain since mines are mobile app.
So kindly help me to login to the Azure AD without redirectUrl
GET https://login.microsoftonline.com/{tenant}/adminconsent
?client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=https://localhost/myapp/permissions
In the above method after successfull login am redirecting to the mentioned redirect url but i dont have any domain, since i'm developing mobile apps.
I'm using ionic with angular app.
Kindly help is there any way to get a access token.
You don't need your own domain.
Redirect URI is unique to your application and it will return to this URI when authentication is complete.
For native app(mobile app), when authentication is successful, the code or token will be included in the redirect url.
You don't need to worry about it because if you are using MSAL or ADAL, you may select from the suggested Redirect URIs in Azure AD app Authentication page.
Related
I'm writing an app which will allow me to get specific data from outlook/exchange using the EWS on behalf of a slack/outlook/exchange user. to authenticate via Microsoft’s oauth flow I created a azure a client_id and would like to initiate the oauth flow for m265 from the apps Home Screen. In order to create the client I’d I also need to provide a redirect url within azure ad.
Where can I find documentation on how to best use external oauth flows? (This is not about installing/authorizing the app within slack).
I’d like to add a "connect to outlook" button on my apps home page after installing from which to start the flow.
Shall I call the Microsoft login (oauth) url directly or should I first link to my apps web server?
When calling the microsoft login I need to provide a redirect url (which needs to match the one in azure ad) to which the authorization codes gets returned.
For some apps (e.g. outlook calendar for slack) this seems be a slack url.
servicenow seems to use something like…
https://slack.com/interop-apps/servicenow/snow_oauth_redirect
Is there a way to define such an url for my app within slack?
How will the authorization code be handed over to my app (I assume to the Request url I defined for my app…?
Thank you for time and consideration..
• I am considering here that you are providing authentication for your application through Azure AD, thus, to configure redirect URIs after authorization code or token is received post successful authentication, please refer the below documentation on redirect URIs. It specifies in detail the configuration restrictions that should be followed while configuring a redirect URL in Azure AD: -
https://learn.microsoft.com/en-us/azure/active-directory/develop/reply-url
Similarly, to configure a redirect URL for an application in Slack, please check the callback URL settings configured because it is required while redirect URL is an optional thing. Also, Slack will redirect the users to the callback URL itself configured in app settings if redirect URL is absent. And if provided, the redirect URL's host and port must exactly match the callback URL. The redirect URL's path must reference a subdirectory of the callback URL. Please follow the below link for more information: -
https://api.slack.com/legacy/oauth
In the above URL, go to ‘Using access tokens’ and ‘Redirect URLs’ section for exact information.
• And as far as calling the Microsoft login (OAuth)URL directly or linking it to your app’s web server, I would suggest you provision your Azure AD users in Slack by following the below documentation link or configure SSO with Slack by adding it in Enterprise Applications in Azure AD from application gallery and then configure the API permissions required for accessing the data from Exchange through EWS. In this way, proper configuration and redirection can be achieved for the users which are allowed to access the specific data from Exchange.
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/slack-tutorial
https://learn.microsoft.com/en-us/azure/active-directory/saas-apps/slack-provisioning-tutorial
we have a website hosted in IIS, we have pointed the multiple domains to the same website.
like
www.exmple.com
www.example.in
www.wxaple.co.uk
and so on.
similarly, we have pointed more than 30 domains to this website.
Before there was no authentication on this website, now we need to implement authentication. so we have used OpenID connect and Azure AD for authentication.
https://learn.microsoft.com/en-us/azure/active-directory/azuread-dev/v1-protocols-openid-connect-code
This is working fine for one domain because we can configure the redirection URL for 1 domain. But how we can make sure this will work fine for all domains.
or any other approach to implementing this.
Though you have many domains in a website, when you login in your website the appId is the same. So, you could use the access token to request your domain website.
BTW, you need to add your domain into your Redirect Uri in App registered in your Azure AD.
I am using Azure 'B2C', and users are creating successfully in B2C. And I am using dynamic web apps. ie, there is number of web apps are present.
sssss01.example.com
sss2.example.com
wwwss2.example.com........
When a user want to login using B2C, it's successfully login, but it reply url is not correct. I checked in azure, B2C app not supporting wildcard(*). So Is there any option to add wildcard, or any other method to manage pragmatically ?
Sign in reply url is different for different web apps.
Wildcard redirect URLs are not supported in OAuth2. See: why are redirect URLs fully qualified.
Unfortunately, we can't manage B2C programmatically.
You can upvote this item on User Voice and subscribe to stay updated: https://feedback.azure.com/forums/169401-azure-active-directory
Others have suggested this same feature but the User Voice forum appears to be down right now.
I am registering a Native application in the Microsoft application registration portal with the goal of giving it delegate permission to my separately registered Azure Web API. As I understand, this is the normal setup for desktop or mobile application, because an authorization UI cannot be directly shown to the user.
Since my application is an Amazon Alexa skill, I must use the mandated Alexa redirect links. Within the Microsoft application registration portal these links need to be placed in the custom redirect URIs section of my native application platform (See image below). It would like me to use a URI like "msalaaaaa-bbbb-ccc-dddd-111111111111://auth", which I guess works for Azure mobile and desktop native applications.
Why does the portal not permit a http URI? When will this feature be implemented or do I have a miss-understanding?
Thanks,
Microsoft do not support transmitting tokens over unsecured channel. Currently, apps that are registered in the Application Registration Portal are restricted to a limited set of redirect URI values. The redirect URI for web apps and services must begin with the scheme https, and all redirect URI values must share a single DNS domain. For example, you cannot register a web app that has one of these redirect URIs:
https://login-east.contoso.com
https://login-west.contoso.com
I've read through every resource our there on the servicestack wiki, examples on github, forums and stackoverflow to figure out implementing facebook integration with a mobile app and servicestack backend. However, none of them have the answer or I'm missing something basic.
In our workflow, a user decides to Register on through the mobile app using Facebook:
We contact Facebook requesting permissions to the user's account
User grants permissions (let's not worry about denied for now)
We get a user access token and everything is good so far
Next, we want to access our ServiceStack backend (using the Facebook Auth Provider) to create an account and automatically log the user in the first time. The examples refer to the method where a web browser is used. What if I want to pass the user auth token from my mobile app to the server to fetch the user permissions and create an account if it doesn't exist and then log the user in?
The existing endpoint seems to work only for a browser app because it also does a redirect. We need a way to pass in the user auth token and log the user in (or create an account if it doesn't exist). Any idea how this can be accomplished?
To login via OAuth in Mobile Apps, you'd typically launch a browser control to have it redirect to the remote OAuth site where it gets the users permission and captures their credentials just as it would with a website.
If you're developing a Mobile App using Xamarin the TechStacksAuth shows an example on how you can use Xamarin.Auth control to authenticate with a ServiceStack back-end via OAuth.