Get the email address of a Microsoft user - passport.js

I want to add a login with Microsoft button to my mean-stack application. So I am using passport-microsoft.
By using passport.authenticate('microsoft', { scope: ['User.Read'] }), I could get this information: @odata.context, givenName, surname, displayName, id, userPrincipalName, businessPhones, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage. For me, my userPrincipalName is an email address, whereas my mail is null.
I have set up the application as follows, but if I write passport.authenticate('microsoft', { scope: ['User.Read', 'email'] }), the authentication gave me an "invalid scope" error.
Does anyone know how to set up my application and request to get the email address of a user?

If you look at the documentation for the user object, you will find the following:
mail (String): The SMTP address for the user, for example, "jeff@contoso.onmicrosoft.com". Read-Only. Supports $filter.
userPrincipalName (String): The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant’s collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. Supports $filter and $orderby.
So it seems the mail property does not necessarily represent the email address for the user, but is used specifically with Outlook and Office 365. It is also not a required property when creating a user. Instead, you should rely on the userPrincipalName to be the email for the user.
As for your error with the scope, you should share the full error message.
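An added example, not part of the original answer or of passport-microsoft: one way to pick an address from the Graph user object discussed above, falling back from mail to userPrincipalName and keying the local account on id rather than on the address. The function names and sample profiles are constructed, and the decoding of guest UPNs (the `#EXT#` form) is a heuristic.

```javascript
// Added example; function names and sample profiles are constructed.
const GUEST_MARKER = '#EXT#';

function looksLikeEmail(value) {
  return typeof value === 'string' && /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value);
}

// Guest (B2B) accounts have UPNs like alice_gmail.com#EXT#@tenant.onmicrosoft.com.
// Heuristic: the last "_" before the marker replaced the "@" of the home address.
function decodeGuestUpn(upn) {
  const idx = upn.toUpperCase().indexOf(GUEST_MARKER);
  if (idx === -1) return null;
  const encoded = upn.slice(0, idx);
  const at = encoded.lastIndexOf('_');
  if (at <= 0) return null;
  const candidate = `${encoded.slice(0, at)}@${encoded.slice(at + 1)}`;
  return looksLikeEmail(candidate) ? candidate : null;
}

// profile: the Graph user object (id, mail, userPrincipalName, ...).
function resolveEmail(profile) {
  const { id, mail, userPrincipalName: upn } = profile || {};
  if (!id) throw new Error('profile has no id');
  let email = null;
  let source = 'none';
  if (looksLikeEmail(mail)) {
    email = mail; source = 'mail';
  } else if (typeof upn === 'string') {
    const guest = decodeGuestUpn(upn);
    if (guest) { email = guest; source = 'guest-upn'; }
    else if (looksLikeEmail(upn)) { email = upn; source = 'upn'; }
  }
  // id is the stable account key; mail and UPN can change or be reassigned.
  return { accountKey: id, email: email ? email.toLowerCase() : null, source };
}

// Constructed sample profiles.
const samples = [
  { id: 'id-1', mail: null, userPrincipalName: 'jeff@contoso.onmicrosoft.com' },
  { id: 'id-2', mail: 'Jeff@contoso.com', userPrincipalName: 'jeff@contoso.onmicrosoft.com' },
  { id: 'id-3', mail: null, userPrincipalName: 'a_b_gmail.com#EXT#@contoso.onmicrosoft.com' },
];
for (const p of samples) console.log(resolveEmail(p));
```

The `source` field lets the caller treat an address taken from a UPN differently from one taken from mail, for example by requiring confirmation before sending to it.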

Related

Azure B2C: Email address not available as application claim and also missing in claims result

I am configuring an Azure B2C instance and created a signupsignin userflow. Selecting "Display Name" and "Email Address" as User attributes I expected that it was possible to add those two attributes also as Application claims but "Email Address" is not a default option, only "Email Addresses". Even with that option on, when testing the userflow I can't see the "Email address" included as a claim. How do I have to configure Azure B2C using userflow (not custom policy) and getting the email address back?
I tried to reproduce the same in my environment and got the below results:
In my B2C tenant, I created one Sign up and sign in user flow by enabling emails in return claim as below:
I created one B2C application and selected it while running user flow like below:
When I ran the user flow, it displayed sign in screen with email address as below:
If the user signs in successfully, they will get code in their address bar along with redirect Uri like this:
I used the above code to generate token via Postman like below:
POST https://tenant.b2clogin.com/tenant.onmicrosoft.com/B2C_1_SignUpSignIn/oauth2/v2.0/token
client_id: AppID
grant_type: authorization_code
scope: openid
client_secret: client_secret
code: // copy the code you got above
redirect_uri: https://jwt.ms
Response:
When I decoded this token, I got emails claim successfully like below:
If you are not using Email sign-up method, make sure to update user's profile by adding email before running user flow like below:

Azure B2C - Return email address entered for signing in

I am trying to return the email address the person used for authentication via an output claim.
I thought the claim would be "userPrincipalName", but that returns: "40568625-8d65-433a-9dc2-bafc1e969e8c@MYTENANT.onmicrosoft.com" in a "upn" claim, I need it to return the email address I used to login, which in this case is a gmail address.
When I view the User principal under accounts, it shows the gmail email address.
If the user signs up based on an email address, then the email address is stored in the signInNames property.
You could use Azure AD Graph API to read this signInNames property. Note: signInNames is a collection of name objects. The email address is the name having type:emailAddress.
This url is used to get a signed-in user:
GET https://graph.windows.net/me?api-version
For more details about email address storage, see here.
The correct attribute is signInNames.emailAddress.
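An added example, not from either B2C thread above: reading the sign-in address from the two places those answers name, the `emails` claim of a user-flow token and the `signInNames` collection of the directory user object. Helper names and every sample value are constructed, and the `{ type, value }` entry shape is assumed from the description of signInNames as a collection of name objects.

```javascript
// Added example; helper names and all sample values are constructed.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Decodes the payload only, as jwt.ms does for display. It does NOT verify the
// signature; validate the token before trusting any claim in production.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// User-flow tokens: "emails" is an array of strings.
function emailFromClaims(claims) {
  const emails = Array.isArray(claims.emails) ? claims.emails : [];
  return emails.find((e) => typeof e === 'string' && e.includes('@')) || null;
}

// Directory user object: signInNames is a collection of { type, value } entries.
function emailFromSignInNames(user) {
  const names = Array.isArray(user.signInNames) ? user.signInNames : [];
  const hit = names.find((n) => n && n.type === 'emailAddress' && typeof n.value === 'string');
  return hit ? hit.value : null;
}

function b2cSignInEmail({ claims = {}, graphUser = {} } = {}) {
  return emailFromClaims(claims) || emailFromSignInNames(graphUser);
}

// Constructed inputs: a token with a placeholder signature and a directory user.
const sampleToken = [b64url({ alg: 'RS256', typ: 'JWT' }), b64url({
  sub: '00000000-0000-0000-0000-000000000000',
  emails: ['user@example.com'],
}), 'sig'].join('.');
const sampleUser = {
  userPrincipalName: '00000000-0000-0000-0000-000000000000@example.onmicrosoft.com',
  signInNames: [
    { type: 'userName', value: 'someuser' },
    { type: 'emailAddress', value: 'user@example.com' },
  ],
};
console.log(b2cSignInEmail({ claims: decodeJwtPayload(sampleToken) }));
console.log(b2cSignInEmail({ graphUser: sampleUser }));
```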

Docusign use replyEmailAddressOverride to send signed docs to a different recipient

My company is trying to avoid having many Docusign logins for the group (group X) using Docusign. We were wondering about using one login to do the create, but override the email settings to have it go to members of group X without them having to have Docusign credentials. I was wondering if that would be possible with the replyEmailAddressOverride.
You can do so by using the "Send On Behalf Of" feature where you specify an email address in the authentication header in order to "assign" each transaction to a specific person with the same and unique credentials.
{
    "Username": "", // Email of Group X credentials
    "Password": "", // Password of Group X credentials
    "IntegratorKey": "", // Integrator Key of Group X credentials
    "SendOnBehalfOf": "" // Email of the specific person to be assigned the DocuSign transaction
}
If I understand your question correctly, I am not sure that using the replyEmailAddressOverride feature will accommodate what you need.
From the official documentation, this email will be used when the user decided to "reply" to the email sent from DocuSign.
Example in C# below :
EmailSettings settings = new EmailSettings
{
    ReplyEmailAddressOverride = "otherUserThanTheSende@fakeemail.com",
    ReplyEmailNameOverride = "Other User"
};
envelope.EmailSettings = settings;
If you configure the above email settings, when the signer receives the DocuSign email inviting him to initiate the signing ceremony, if he/she decides to reply to this email, the original DocuSign sender email will not be used but instead the email you have configured will be used.
For example, my "Frederic" account was used to create a transaction so the sender appears as "Frederic" in the DocuSign email. However, when I decide to reply, it doesn't go back to "Frederic" but instead to the user I have configured in the envelope:
But if I understand correctly, you want to send a transaction from a specific sender and this email override setting doesn't affect the transaction sender but the transaction reply.
If you want to use replyEmailAddressOverride and replyEmailNameOverride as present in DS Docs, then when an email goes to the signer from DocuSign and if they want to revert to that email, then it will go to the email which is mentioned in the replyEmailAddressOverride property.

Login with Email in MVC 5

In a newly created ASP.NET MVC5 application, the login screen asks you to enter an Email address. But under the hood, it authenticates with user name, assuming applicationUser.UserName == applicationUser.Email.
How to change it to make it authenticate user via Email address?
It seems like they have changed something in Identity 2.x in that regard.
Note: I want to keep it login via Email.
For example, in register view, our users are expected to provide:
Email: last.first@example.com
User: Last, First
And during Login, the email will be used. Currently, it uses email but authentication fails because it passes email as user-name.
In Login#Accounts:
After
if (!ModelState.IsValid)
{
    return View(model);
}
I added:
var user = await UserManager.FindByEmailAsync(model.Email);
And changed:
var result = await SignInManager.PasswordSignInAsync(model.Email, model.Password, model.RememberMe, shouldLockout: false);
to:
var result = user == null ? SignInStatus.Failure : await SignInManager.PasswordSignInAsync(user.UserName, model.Password, model.RememberMe, shouldLockout: false);
In register view, I have User Name as well as Email (for which I had to add UserName property in RegisterViewModel).
I had the same issue with the identity framework. In the earlier version, the Email address is not part of the registration process, and the identity implementation validates the username field as unique and authenticates users against username and password. But it allowed us to manage and update 'IUserStore' properties in order to support unique emails and to let the username field accept an email address (non AlphanumericUserNames). But this was not in the Visual Studio MVC individual user accounts template, which we have to add ourselves.
The code we have to add to ApplicationUserManager.cs; sample code is included in the following NuGet package.
Install-Package Microsoft.AspNet.Identity.Samples -Version 2.0.0-beta2 -Pre
manager.UserValidator = new UserValidator<ApplicationUser>(manager)
{
    AllowOnlyAlphanumericUserNames = false,
    RequireUniqueEmail = true
};
In version 2.x, the identity framework included the email field as a unique field, and also added all the required code to the Visual Studio MVC individual user accounts template under App_Start >> IdentityConfig. Furthermore, it removed the username part from the UI and kept it back-end only.
But the authentication mechanism hasn't changed, which is still using username and password for validation. The change only happens when you register the user: the email address will be inserted into the username field, which is used when authenticating users.
According to my understanding, there isn't any out-of-the-box identity framework support for authenticating users with email and password at the moment. You have to insert the email into the username field when registering users.

Liferay find User screenName from User Email

Is there any api to find out screen name by passing the email address as the input in liferay for LDAP configuration?
You'll need to get a request object, then do this
long companyID = PortalUtil.getCompanyId(request);
User user = UserLocalServiceUtil.getUserByEmailAddress(companyID, emailAddress);
String scrName = user.getScreenName();
EDIT: in your Liferay control panel/portal/authentication/LDAP, there is a field named 'user search filter'
use (cn=@screen_name@) if your users are logging in with screenName
use (mail=@email_address@) if your users are logging in with email address
This way you're supposed to import the users automatically.
Please update your question. According to your tags, it looked like you're searching for a Liferay API. If you wanted an LDAP API, you should write it somewhere.
