I'm developing an application with Xamarin.Forms, where the application should run on Windows and Android for the first version.
It should the Graph API to access OneDrive/OneNote.
I already managed to retrieve the name of the logged-in user under UWP (Universal Windows Platform).
So I tried to deploy the same app to Android, where the calls are quite similar with the following extensions:
UIParent is necessary
AuthenticationAgentContinuationHelper.SetAuthenticationAgentContinuationEventArgs(requestCode, resultCode, data); call is necessary
The UIParent part already works, but the AuthenticationAgentContinuationHelper cannot be built into the app.
Here Visual Studio says:
Duplicate Java type found!
Mappings between managed types and Java types must be unique.
First Type:
'Microsoft.Identity.Client.Platforms.Android.SystemWebview.AuthenticationActivity, Microsoft.Identity.Client, Version=2.6.2.0, Culture=neutral, PublicKeyToken=0a613f4dd989e8ae';
Second Type:
'Microsoft.Identity.Core.UI.SystemWebview.AuthenticationActivity, Microsoft.IdentityModel.Clients.ActiveDirectory, Version=4.3.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35'
The Xamarin application is started as new app using the ".NET Standard" code sharing strategy with blank template from Visual Studio. As I read this has superseded the "PCL" way, which cannot be selected in VS2017.
Do you have an idea how this could be resolved?
This error started because the MSAL repo was sharing code with ADAL while the team worked to bring feature parity to MSAL and a common cache. Then, MSAL was moved back to its original repo, but the Android and iOS namespaces were not updated, so there was a conflict if using both ADAL and MSAL in the same project.
This has been fixed in MSAL 2.7 for the iOS ViewController classes and ADAL 4.5 for the Android AuthenticationActivity classes.
Are you sure you need both Microsoft.Identity.Client (MSAL) and Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL) packages?
MSAL is used to authenticate against the AAD v2 endpoint, whereas ADAL is used to authenticate against the AAD v1 endpoint, so in theory you'd need either one or the other.
Maybe there are cases where you'd need both, but I was getting the same error and as I was using MSAL to authenticate I uninstalled the Microsoft.IdentityModel.Clients.ActiveDirectory nuget package and all was well.
Related
I would like to be able to use the authentication token that I get when logging into my webapp through msal. If I use the toolkit I am forced to log in again (mgt-login). How can I bypass the second login? Thanks.
It sounds like you are already using msal.js in your application, correct?
This feature is not yet available, but we added the capability to configure an new MsalProvider with an existing UserAgentApplication object from msal.js.
This capability was added recently by a community member and is available in the latest preview:
https://github.com/microsoftgraph/microsoft-graph-toolkit/releases/tag/v2.0.0-preview.1
You can find details on this new feature in the mgt preview docs here:
https://github.com/microsoftgraph/microsoft-graph-docs/blob/mgt/next/concepts/toolkit/providers/msal.md#pass-an-existing-useragentapplication-in-the-useragentapplication-property
I couldn't find answers about using both frameworks working together.
We are planning to build an identity provider service (like Google Account) which is used to authenticate a user and provide OpenId Connection protocol to a Rely Party app. We have existing projects built in ServiceStack which work all fine. However, ServiceStack seems not to be compatible with IdentityServer4 in regards to authenticating a user. ServiceStack has its own authentication mechanism and IdentityServer4 relies on Asp.NET Identity Model. If I sign in via ASP.NET Identity Model, ServiceStack APIs may not recognize the user has signed in. And vice versa.
Is there any suggestion about this is a dead end or some solution that may make them work together?
The mvcidentityserver Project Template contains a pre-configured ServiceStack + IdentityServer4 starting project template:
$ dotnet tool install -g x
$ x new mvcidentityserver ProjectName
See the Using IdentityServer4 Auth in ServiceStack docs for more info on ServiceStack + IdentityServer4 integration.
In addition there are a couple of options available from the ServiceStack community:
Using IdentityServer 4 with ServiceStack and Angular
servicestack-authentication-identityserver
JwtAuthProviderReaderPatchedForIdentityServer4.cs - description
I am developing cordova based hybrid mobile apps targeted for android and iOS smartphones.
Usecase: The application authenticate user and then would be accessing Google Calendar API's, and finally display user events on the app.
Note: I will be Using 3-legged OAuth and Google Data APIs without the client libraries.
Question
The Cordova-enabled WebView provides the application with its entire user interface, so what should be the application type in this case?
Since everything is going inside webview, so Shall I choose "Web Application"?
OR
Do I need to create seperate Applications type for Android and iOS
seperately?
Or can iOS Application Type work for both Android and iOS?
Please suggest what should be the proper approach to choose application type in this case.
Thanks!
It depends on how your app is setup. If you plan on handling all of the OAUTH processing on a backend server then you can use the Web application type, and you can have all the OAUTH work offloaded to the backend server.
If you do not have a backend server and will do all OAUTH processing on the user's device, then you should create both an iOS and Android client ID. For example:
https://github.com/EddyVerbruggen/cordova-plugin-googleplus
This plugin's documentation shows the creation of both an iOS and Android client ID to enable Google Sign In on a Cordova app.
Here is my problem, I create a brand new AspNetCore WebApplication in VS2017 RC.
Since I want to use Azure AD B2C to authenticate, I add the required NuGet packages:
Microsoft.AspNetCore.Authentication.Cookies
Microsoft.AspNetCore.Authentication.OpenIdConnect
I then add all the code to configure authentication. In fact, I reproduced the app demoed in this Channel9 video: https://channel9.msdn.com/events/Ignite/Australia-2017/CLD336a
It works fine and I can authenticate as expected. Now I want to get an access_token in order to access my WebApi also secured using AAD-B2C. For this, I need to change the ResponseType to
ResponseType = OpenIdConnectResponseType.CodeIdToken
and handle the OnAuthorizationCodeReceived event. In order to do that, my understanding is that I have to add the Nuget Package Microsoft.IdentityModel.Clients.ActiveDirectory. But this library will not target the v2.0 endpoint that I need for AAD-B2C.
So I saw in another GitHub solution (https://github.com/dzimchuk/azure-ad-b2c-asp-net-core) that i could use the Microsoft.Experimental.IdentityModel.Clients.ActiveDirectory package.
Unfortunately, this package is not compatible with NETCoreApp,Version=v1.0 and I get this error message when trying to add it to my project:
One or more packages are incompatible with .NETCoreApp,Version=v1.0 (win-x64).
Package Microsoft.Experimental.IdentityModel.Clients.ActiveDirectory 4.0.209160138-alpha
is not compatible with netcoreapp1.0 (.NETCoreApp,Version=v1.0) / win-x86.
Package Microsoft.Experimental.IdentityModel.Clients.ActiveDirectory 4.0.209160138-alpha
What am I missing?
Azure AD B2C does not currently support access tokens to a resource other than "self". To get an access token for self, you just need to put your client/app id as the scope. You can post on User Voice to recommend this feature and check in on other user recommended features (this has been requested before).
In terms of your library confusion, you definitely want to stick with MSAL. The ADAL experimental branch is not recommended and not actively being developed.
I need to connect servicestack to ADFS, as well as the usual social id providers. I know there are apps that could do this for me, authbridge, thinktecture, etc, but would really like to have everything within one app.
Is anybody working on adding a WIF authentication provider to servicestack?
ServiceStack hasn't added any specific support for WIF, but it looks like it maybe provided by a 3rd Party (Auth10) in their ServiceStack Auth NuGet package:
https://nuget.org/packages/Auth10.ServiceStack