I cloned the node web api from https://azure.microsoft.com/en-us/resources/samples/active-directory-javascript-nodejs-webapi-v2/
An app was registered in the v2 app registration portal, with a webapi platform added and a web app with implicit flow set
When i browse to https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=5bab650d-e96c-4f30-a7e2-e6bbab2e7ab1&response_type=code&redirect_uri=http://localhost:5000/hello&response_mode=query&scope=api%3A%2F%2F5bab650d-e96c-4f30-a7e2-e6bbab2e7ab1%2Faccess_as_user%20openid%20offline_access
the browser is redirected to
localhost:5000/hello?error=invalid_client&error_description=AADSTS65005%3a+The+application+%27hand2%27+asked+for+scope+%27openid%27+that+doesn%27t+exist+on+the+resource.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+4b3bdc12-9c1c-448b-abbb-704e9af80d00%0d%0aCorrelation+ID%3a+27afcaf6-cdac-428a-8c6b-7087ff8b34ef%0d%0aTimestamp%3a+2017-10-11+00%3a41%3a40Z
Any idea ?
Related
I have a app hosted in Azure. Currently when a user is authenticated in Azure AD but does not have access to the application, a generic message appears suggesting the user should request access from an administrator.
Now how would I redirect the user to a specific URL when they get this page from Azure AD ? I see no way to configure this in Azure.
EDIT
A little more technical details :
My App is hosted in a serverless Azure App Service. It is an Angular application using msal.js to authenticate.
The App is manually configured in Azure AD using Application Registration tab.
I am having a Web API project in asp.net and this project is hosted on Azure web app services .Azure endpoint of the api works . How can i wrap this api under azure api management ?
Current setup
Asp.net web Api project > Hosted in azure web app services
I tried to add the api in API management via blank and open api specification.
I would expect the Azure API Management could connect to my web app service where my asp.net web api project is hosted.
Deploy your Web API to Azure App Service API App instead of App Service Web App. You will be able to import the API's directly from the UI. Here is the doc.
Alternative to Ketan's approach is to configure API manually using "Blank API" option. where you'll need to specify your App's base URL. You will be required later on to create all operations manually.
We are planning to setup a multi-tenant azure web api which will be invoke by a client app which is registered as converged app with MSA but now in Azure AD. The client app owner dont have Azure AD on thier side. And the client belongs to different tenant.
Can someone please explain how the client will invoke our azure ad web api as client isn't registered as azure webapp.
We have setup .net core azure webapp
You need to consent to the web API from your client app tenant first. To consent to the web API, you could follow this:
https://login.microsoftonline.com/client-app-tenant/oauth2/authorize?client_id=api-client-id&redirect_uri=api-reply-url&response_type=code&prompt=admin_consent
By this, a service principal will be created in your app tenant for the API, allowing you to assign app permissions to the web API in your app tenant.
I've created a web application API with a swagger interface that I've deployed as an API App to Azure.
When creating a Logic App I can find my API App but whenever I try to use it I get the following error:
Failed to fetch swagger. Ensure you have CORS enabled on the endpoint
and are calling an HTTPS endpoint.
I'm using the default https url for the API definition in the API App:
https://microsoft-SOME-LONG-MS-INTERNAL-ID.azurewebsites.net/swagger/docs/v1
The swagger docs have been provided in my C# web API application through Swashbuckle.
For CORS I've set a single * item.
This didn't seem sufficient for the Logic App to access the API App I then configured Authentication / Authorization for the API App to use Azure Active Directory (express), creating an AD Azure App.
I believe the issue will be one of configuring security which is all pretty new to me in Azure. I'd like to make the API App inaccessible externally, but available to Web Apps and Logic Apps within my Azure subscription.
I've not added any authentication mechanism to the ASP.NET web application itself as I figured the web application would effectively be sitting in a private network on Azure. Perhaps this is a bad assumption and I need to add authentication to allow Azure AD to work?
Any pointers / suggestions?
Turns out I needed to update the Azure SDK for Visual Studio. I had an older version that was deploying a preview Api App which resulted in a "Api app host" type being deployed rather that an "API app" type.
Everything works after the update and I've found some documentation for securing the API App and making it available in the Logic App - https://azure.microsoft.com/en-us/documentation/articles/app-service-logic-custom-hosted-api/
I deployed Office 365 app into azure.. and it is working fine when i deploy with F5 in visual studio..
But the problem is that i am not able to visit app directly with link http://xyz.azurewebsites.net/ because it is a SharePoint app it requires {StandardTokens}.
I tried this but no luck..
When developing a provider hosted app in SharePoint, you need to access the app through SP, so your code will get the authentication token and execute all your code to retrieve data from SP through the API. You do not need to access the app through the URL. this is not the intent of provider hosted app. The provider hosted app gives you the flexibility to host your app outside the SP farm (which is in your case in Azure) and integrate properly with Azure AD for exchanging required token to develop against the SP API.
Check out this link that gives a step of step walkthrough for working with provider hosted apps: https://msdn.microsoft.com/en-us/library/office/fp142381.aspx
Hope this helps.