I am trying to authenticate to a server from my React-Native app using Azure AD.
Now, I don't understand what is a redirect URI and I don't understand where should I put my server's URL in Azure and what URL should I call from my React-Native app.
Documentation for it is quite confusing.
I don't understand what is a redirect URI
For React-Native app, the redirect_url is optional. Refer to this document for more details.
An url that ADLoginView will be redirect when login success, this property is optional.
I don't understand where should I put my server's URL in Azure and
what URL should I call from my React-Native app.
You needn't put your server's url in Azure.But you need to add authentication to your server. Then you can call your server api as normal, but with the Authorization header. This sample will help you to understand better though it is using aspnetcore.
You need to create register two applications in Azure portal. Client app and server app. You will get the access token via your native app and then use it to access your server app.
Related
Here is the problem.
I have an .net core web-api application with azure-ad authentication.
When I've added necessary AzureAD section to my appsettings.json file and redirect url-s to appregistration my backend worked fine.
But later I added build of react project to wwwroot folder and now, when I try to call backend method with authorize attribute I get CORS error from Loginmicrosoftonline
[CORS error from Loginmicrosoftonline]
First of all, web api project should be a daemon application so it doesn't have a sign in page as normal, nor a redirect url for AAD. And we can integrate AAD to protect our api but the api shouldn't ask users to sign in first.
In your scenario, it looks like you want to let users sign in in your react frontend app, then generating access token to calling the protected web api. I think you need to refer to this sample to integrate MSAL library in your react app(this sample containing an api written in nodejs, you can ignore api part since you had asp.net core api), and this sample for protecting your web api. You may also take a look at this answer.
And go back to your CORS issue, it appeared because you didn't use MSAL.js in your react app but directly going to the login URL. Microsoft identity platform required developers to use the library. I used to using ajax request to send a get request to the login url, and I got Cors issue as well.
We've enabled authentication on our Azure api app and it's working well. Clients are required to retrieve a oauth2 token for authentication and authorization to the service. Our service is a Express Node.js application and we are leveraging apidoc for the service documentation.
I can't figure out from the authentication configuration how to allow access to a url path without requiring authentication. For example:
https://app-myservice-staging-001.azurewebsites.net/constituents should require authentication
but the documentation url
https://app-myservice-staging-001.azurewebsites.net/apidoc should not
Current with authentication enabled everything under https://app-myservice-staging-001.azurewebsites.net is protected.
Is this possible and if so where do I need to look?
Answer based on link provided by amit_g. We opted to add our excludepath directly to our authsettingsV2 config using the Azure Resource Explorer since the /apidoc/* path applies to all our services.
I created web app in my Azure account. I have all details like tenat id, client id, client secret etc. While creating I have added uri as https://localhost and I also added scope Data.Read and added Application ID URI. But I can't open above mentioned url. Most possible that I am missing something in my mind and dont fully understand the rule how it should work, that is why I am asking for help. I need this localhost in order to test auth with Azure tokens. What exactly I am doing wrong?
Azure allows http protocol value for only localhost. Remaining all redirect URIs must begin with the scheme https. To use https, you should install SSL certificate.
HTTP: The HTTP scheme (http://) is supported only for localhost URIs and should be used only during active local application development and testing.
I am not sure what error you are getting Azure active directory basically Redirect back to the Redirect URL specified in the request provided to AAD after login using either the /authorize or /token endpoint is what AAD does. If the match is successful, AAD publishes the success response back to the same Redirect URI after successfully authenticating the user. Once the request reaches AAD, it verifies the Redirect URI and compares it with the reply URLs listed in the app registration.
For more information in detail, please refer below links:
How to create Azure Web App | Ciemasen
Localhost exceptions
Redirect URL with http but NOT localhost
I am trying to build an app in node.js that connects to Pinterest via its API. I can get an access token via Postman and test my app in single-user mode, but I am unable to incorporate OAuth2 to test my app for a second user. Every configuration of my code and settings at developer.pinterest.com yields the error "The provided redirect_uri ... does not match any of my registered redirect URIs."
I registered what I believe are correct callback URLs at developers.pinterest.com--many variants, with and without trailing slashes. My callback is hosted via https.
I tried calling Pinterest's auth URLs OAuth2 in my server code (node.js), and via browser address bar.
https://api.pinterest.com/oauth/?response_type=code&redirect_uri=https://www.outfinterest.com/auth/pinterest/callback/&client_id=5042375080944909391&scope=read_public&state=true
I attempted the auth from a browser logged into Pinterest as me, and from a browser logged in as a registered tester of my app.
What must I do to get Pinterest to accept my callback URL?
Do I need to submit my app for approval before I can authorize via OAuth2?
I resolved the problem by reducing the set URLs registered at developer.pinterest.com to just the one I need, then reloaded the page with the app settings.
I have a web app configured in my Azure AD.
On a machine, i have installed a connector and configured an application proxy with that connector.
I am now trying to connect from an Android mobile application to the web app through the application proxy.
If I use a WebView inside my app, I can load the User access URL, enter my credentials and I receive a cookie for use by following connections.
I need to be able to use other HTTP clients that do not have the possibility to show UI.
I was wondering if it was possible to somehow request access and refresh tokens, and add those to future requests. or if possible convert them to a cookie in some manner and add that in a header.
Your client app can simply use MSAL (or ADAL, or another OpenID Connect client library) to sign the user in and an access token for the App Proxy app. Then you can include that token in the Authorization header in requests to the endpoint from App Proxy. App Proxy will recognize it, validate it, and (if everything checks out) proxy the call down to the App Proxy connector, where the rest of the process happens as normal.
Here are the relevant docs: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application