I struggle with getting the refresh tokens to work for certain authentication providers in Azure App Service using a Mobile App. CGillum has written a great post (http://cgillum.tech/2016/03/07/app-service-token-store/) on this and when following that post I get the refresh method to work like a charm for Microsoft Accounts but I struggle with refreshing the access tokens for Facebook and Google. Our application (Xamarin Forms) is using Microsoft Account, Google and Facebook as authentication providers. With your instructions in the post it works like a charm for Microsoft Account.
For Google when setting the access_mode=offline in the LoginAsync I still are unable to refresh my access tokens and getting an error in the streaming logs from Azure that point to where the problem lies but I cannot understand what to do. For Facebook I get the same kind of error in the logs but I do not know how to request the offline access so here the problem is more of 'how do I request offline access for Facebook'.
The error is as follows:
Logging in with Google renders the following log entries (removed some details....)
2016-03-29T14:45:12 PID[5536] Verbose Received request: GET https://nnn.azurewebsites.net/.auth/login/google?access_mode=offline
2016-03-29T14:45:12 PID[5536] Information Redirecting: https://accounts.google.com/o/oauth2/v2/auth?response_type............
2016-03-29T14:45:38 PID[5536] Verbose Received request: GET https://nnn.azurewebsites.net/.auth/login/google/callback?state=nonce%3Dfd.......
2016-03-29T14:45:38 PID[5536] Verbose Calling into external HTTP endpoint POST https://www.googleapis.com/oauth2/v4/token.
2016-03-29T14:45:38 PID[5536] Information Login completed for 'nnn#nnn.com'. Provider: 'google'.
2016-03-29T14:45:38 PID[5536] Verbose Writing 'AppServiceAuthSession' cookie for site 'nnn.azurewebsites.net'. Length: 664.
2016-03-29T14:45:38 PID[5536] Information Redirecting: https://nnn.azurewebsites.net/.auth/login/done#token=%7B%22authenticationToken%22%3A
%22eyJ0e........
2016-03-29T14:45:39 PID[5536] Verbose Received request: GET https://nnn.azurewebsites.net/.auth/login/done
2016-03-29T14:45:39 PID[5536] Information Sending response: 200.0 OK
Then when trying to call the refresh method the following is written in the logs:
2016-03-29T14:53:14 PID[5536] Verbose Received request: GET https://nnn.azurewebsites.net/.auth/refresh
2016-03-29T14:53:14 PID[5536] Verbose JWT validation succeeded. Subject: 'sid:cc7e265f97060b2b067367d1ee02d808', Issuer:
'https://nnn.azurewebsites.net/'.
2016-03-29T14:53:14 PID[5536] Warning The refresh request issued by sid:cc7e265f97060b2b067367d1ee02d808 (SID:
37776b6cabedf8ff38df56de2e5db739) failed because no refresh tokens were found in the token store.
2016-03-29T14:53:14 PID[5536] Information Sending response: 400.80 Bad Request
The token store is enabled for the service and is works perfect for Microsoft Accounts. Does anyone have any clue here to what goes wrong and what to do in order to get refresh for access tokens using Google going?
How to enable refresh tokens for Facebook?
The code used for refreshing the access token and thus producing the output in the Azure logs above is:
public async Task<bool> RefreshAccessToken()
{
// http://cgillum.tech/2016/03/07/app-service-token-store/
// Calling /.auth/refresh will update the tokens in the token store
// and will also return a new mobile authentication token.
JObject refreshJson = (JObject)await App.m_azureMSClient.InvokeApiAsync("/.auth/refresh", HttpMethod.Get, null);
string newToken = refreshJson["authenticationToken"].Value<string>();
App.m_azureMSClient.CurrentUser.MobileServiceAuthenticationToken = newToken;
App.Current.Properties[App.m_propNameAuthToken] = newToken; // persist it
return true;
}
Token Refresh for Facebook is not supported in App Service. The tokens last for 60 days, however, so there is less of a need for this capability since you can require the user to log in interactively once every 60 days (and it should succeed immediately in most cases).
If you strongly need to be able to refresh Facebook tokens, another option you have is to use the Facebook SDK, which automatically handles refresh for you. More information here: https://developers.facebook.com/docs/facebook-login/access-tokens/expiration-and-extension. In this case, you can login again using the non-interactive login of mobile apps (also known as client-directed login) in order to get up-to-date authentication tokens for calling your APIs.
EDIT:
Regarding Google, it looks like your query string may be wrong. Try access_type=offline. It looks like you are specifying access_mode=offline, which is not correct.
Related
Really having a nightmare with this in all honesty.
I have the repo from https://github.com/Azure-Samples/active-directory-aspnetcore-webapp-openidconnect-v2/tree/master/1-WebApp-OIDC which should set up Azure AD and Open Id with ASP Core 3.0.
I am using Azure to deploy an application using ASP Core 3.0 MVC.
I have implemented the above repo into my solution which should take care of everything in startup.cs, my localhost is working absolutely fine.
Start up is the same as the 1-WebApp-OIDC solution (other than logging and DI related registrations).
The app is registered in the Azure portal, the tenant id and client id are fine, correct redirects are in there as well.
App Service Auth is turned off also (I read this could be an issue as many had solved this by turning it off).
Also Home, Index controller has [Authorize] attribute on.
Now when it comes to deployment I keep getting;
You do not have permission to view this directory or page.’
On my /signin-oidc redirect url.
Just to note I was getting this message even when not using the openidconnect class library.
If I go to https://mysite.azurewebsites.net/.auth/login/aad/callback -
I get 'You have successfully logged in' page, with the 'RETURN TO THE WEBSITE' link.
Once clicked, back to the same message as above.
I'm also getting a token from https://mysite.azurewebsites.net/.auth.me - have read .NET Core app with Azure App Service Authentication but he was able to get past the login and just wasn't getting the right claim identities.
Now .. when I check in Azure at the domain's sign ins, it shows as success.
I then log into Kudu to check the logs (in .../application) with contradictions.
The diagnostics logs say:
2020-02-01 10:32:19.279 +00:00 [Debug] Microsoft.AspNetCore.Routing.EndpointRoutingMiddleware: Request did not match any endpoints
2020-02-01 10:32:19.279 +00:00 [Debug] Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler: AuthenticationScheme: AzureADCookie was not authenticated.
The other set of logs which generate a guid for each session show:
2020-02-01T10:32:01 PID[3780] Verbose Received request: GET https://mysite.azurewebsites.net/
2020-02-01T10:32:01 PID[3780] Information Redirecting: https://login.windows.net/89f3808f-0cff-4297-b17a-313007c7b8a6/oauth2/authorize?response_type=id_token&redirect_uri=https%3A%2F%2Fmysite.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=f70bd4d6-3cb3-463e-9fca-974053e2f177&scope=openid+profile+email&response_mode=form_post&nonce=6f1c5c8d07f5481193439dd95c3cf03b_20200201103701&state=redir%3D%252F
2020-02-01T10:32:02 PID[3780] Verbose Received request: POST https://mysite.azurewebsites.net/.auth/login/aad/callback
2020-02-01T10:32:02 PID[3780] Verbose JWT validation succeeded. Subject: 'C6JYPu8NBYT8sC-s6G33w6sxNkct28RdeeyfL1SndjA', Issuer: 'https://sts.windows.net/89f3808f-0cff-4297-b17a-313007c7b8a6/'.
2020-02-01T10:32:02 PID[3780] Information Login completed for 'DanADLogin#company.com'. Provider: 'aad'.
2020-02-01T10:32:02 PID[3780] Verbose Writing 'AppServiceAuthSession' cookie for site 'mysite.azurewebsites.net'. Length: 920.
2020-02-01T10:32:02 PID[3780] Information Redirecting: https://mysite.azurewebsites.net/
2020-02-01T10:32:02 PID[3780] Verbose Received request: GET https://mysite.azurewebsites.net/
2020-02-01T10:32:02 PID[3780] Verbose Found 'AppServiceAuthSession' cookie for site 'mysite.azurewebsites.net'. Length: 920.
2020-02-01T10:32:02 PID[3780] Verbose Authenticated DanADLogin#company.com successfully using 'Session Cookie' authentication.
2020-02-01T10:32:19 PID[3780] Verbose Received request: POST https://mysite.azurewebsites.net/signin-oidc
2020-02-01T10:32:19 PID[3780] Verbose Found 'AppServiceAuthSession' cookie for site 'mysite.azurewebsites.net'. Length: 920.
2020-02-01T10:32:19 PID[3780] Information Sending response: 403.60 Forbidden
2020-02-01T10:32:19 PID[3780] Warning Cross-site request forgery detected for user 'DanADLogin#company.com' from referer 'login.microsoftonline.com'!
2020-02-01T10:32:19 PID[3780] Verbose Received request: GET https://mysite.azurewebsites.net/favicon.ico
2020-02-01T10:32:19 PID[3780] Verbose Found 'AppServiceAuthSession' cookie for site 'mysite.azurewebsites.net'. Length: 920.
2020-02-01T10:32:19 PID[3780] Verbose Authenticated DanADLogin#company.com successfully using 'Session Cookie' authentication.
Clearly the cookie is being lost somewhere, I've read about a redirect loop that interferes with cookies from core and cookies from open id.
I’ve exhausted stack overflow and other articles all to no avail.
There is one issue that is very similar but using Google Auth - Requesting refresh token fails.No refresh tokens were found in the token store. This does not work for AAD.
I’m genuinely out of what to do, I have persevered long enough and I think I may go mad if I spend another day on this. I'm sure it cannot be this difficult 😅.
Any help or guidance would be greatly appreciated.
Clearly a lot of interest lol ...
This was actually nothing to do with Azure AD or OpenId at all.
It was a db call in my data layer that was calling an external db in my home controller (not in Azure) that was throwing all these issues.
I got this error trying to get an auth token from Sharepoint REST api. My SP is cloud based and I am using Postman to test the requests, as a previous attempt similarly ran into a dead end when much troubleshooting back and forth with Msoft lead no where .. Anyway, I have the following error and I was wondering if anyone could help me figure out what it is or how I can troubleshoot this issue.
error_description: "AADSTS50169: The realm 'realm' is not a configured realm of the current service namespace"
error_codes : 50169
I followed this tutorial
Thanks!
Edit: I went through and started again, this tut seems to be working I guess I may have missed a step (my guess is I didn't correctly configure the app permissions with xml when creating the app)
To do authorization of SharePoint online and use REST API via Postman, here is a solution for your reference:
First: get security Token
Access [https://login.microsoftonline.com/extSTS.srf] via Http Post method. The content of the http request is as follows.
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
xmlns:a="http://www.w3.org/2005/08/addressing"
xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
utility-1.0.xsd">
<s:Header>
<a:Action
s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<a:To s:mustUnderstand="1">https://login.microsoftonline.com/extSTS.srf</a:To>
<o:Security s:mustUnderstand="1"
xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<o:UsernameToken>
<o:Username>[username]</o:Username>
<o:Password>[password]</o:Password>
</o:UsernameToken>
</o:Security>
</s:Header>
<s:Body>
<t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
<wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<a:EndpointReference>
<a:Address>[endpoint]</a:Address>
</a:EndpointReference>
</wsp:AppliesTo>
<t:KeyType>http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey</t:KeyType>
<t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
<t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion</t:TokenType>
</t:RequestSecurityToken>
</s:Body>
</s:Envelope>
The demonstration screenshot in Postman:
And the response content will include a security token as below, we can use this security token to get Access Token of SharePoint.
Second: get Access Token
Here i show you how to get access token of SharePoint online using the security token and SharePoint Rest API.
Access [https://yourdomain.sharepoint.com/_forms/default.aspx?wa=wsignin1.0] via http Post method. The content of the request is the security token that we have got above as below.
And the response as below:
We can see that there are two cookie, rtFa and FedAuth in response header, and these two cookie need to be added to the request in subsequent request.
Third: get Request Digest
Access [https://yourdomain.sharepoint.com/_api/contextinfo] via http Post method with that two cookies which we have got above.
And the response as below:
This is the final Token we want!
Then we can use REST API of SharePoint, we only need to add this token and the previous two cookie, as shown in the following figure.
Good morning everyone,
I Have set up an App Service in Azure and added Authentication via Azure AD B2C. So far so good everything works fine. After 1 hour though, when the token expires, I try to refresh it but then I get an error back that the refresh token has been revoked. What goes wrong here ? I have set up the backend like explained in this post : and when logging in I pass the additional parameter like so :
user = await Manager.CurrentClient.LoginAsync(currentContext,MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory,new Dictionary<string, string>() { { "response_type", "code id_token" } });
This is my refresh code :
user = await Manager.CurrentClient.RefreshUserAsync();
This is the error I am getting
{Microsoft.WindowsAzure.MobileServices.MobileServiceInvalidOperationException:
Refresh failed with a 403 Forbidden error. The refresh token was
revoked or expired. --->
Microsoft.WindowsAzure.MobileServices.MobileServiceInvalidOperationException:
You do not have permission to view this directory or page. at
Microsoft.WindowsAzure.MobileServices.MobileServiceHttpClient+d__24.MoveNext
() [0x001ec] in :0
Am I missing something here ?
Thank you
EDIT :
Here is a Screenshot of the Settings in the Portal
EDIT 2 :
Here is an error form the server logs when trying to refresh the token :
EDIT 3 :
And here the Application Log from the webserver for the given request :
2017-01-18T15:08:33 PID[6344] Verbose Received request: GET
https://api.near.lu/.auth/refresh 2017-01-18T15:08:33 PID[6344]
Verbose JWT validation succeeded. Subject:
'sid:453a1ad2710466bc9873240e888d8b91', Issuer:
'https://api.near.lu/'. 2017-01-18T15:08:33 PID[6344] Warning The
refresh request issued by sid:453a1ad2710466bc9873240e888d8b91 (SID:
ac22f7309036f0c07a54b1299b9601ef) failed because no refresh tokens
were found in the token store. 2017-01-18T15:08:33 PID[6344]
Information Sending response: 403.80 Forbidden 2017-01-18T15:08:34
PID[6344] Verbose Received request: GET
https://api.near.lu/.auth/login/aad?response_type=code%20id_token
2017-01-18T15:08:34 PID[6344] Verbose Downloading OpenID
configuration from
https://login.microsoftonline.com/nearauth.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=B2C_1_Default
2017-01-18T15:08:36 PID[6344] Verbose Downloading OpenID issuer
keys from
https://login.microsoftonline.com/nearauth.onmicrosoft.com/discovery/v2.0/keys?p=b2c_1_default
2017-01-18T15:08:37 PID[6344] Information Redirecting:
https://login.microsoftonline.com/nearauth.onmicrosoft.com/oauth2/v2.0/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Fapi.near.lu%2F.auth%2Flogin%2Faad%2Fcallback&client_id=c4c15bfb-eac4-4cdc-861f-eb01594e19d2&scope=openid+profile+email&response_mode=form_post&state=redir%3D%26b2cPolicy%3D&p=b2c_1_default&nonce=9e243549b62f49878cc370048c6effa9_20170118151334
2017-01-18T15:08:39 PID[6344] Verbose Received request: POST
https://api.near.lu/.auth/login/aad/callback 2017-01-18T15:08:39
PID[6344] Error An error of type 'unauthorized_client' occurred
during the login process: 'AADB2C90057: The provided application is
not configured to allow the OAuth Implicit flow. Correlation ID:
8336662f-8847-4f8b-bb37-6925a5d3e264 Timestamp: 2017-01-18 15:08:38Z '
2017-01-18T15:08:39 PID[6344] Information Sending response: 401.73
Unauthorized
EDIT 4:
This is the log of a successfull login :
2017-01-18T19:10:14 PID[6344] Verbose Received request: GET
https://api.near.lu/.auth/login/aad?response_type=code%20id_token
2017-01-18T19:10:14 PID[6344] Information Redirecting:
https://login.microsoftonline.com/nearauth.onmicrosoft.com/oauth2/v2.0/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Fapi.near.lu%2F.auth%2Flogin%2Faad%2Fcallback&client_id=c4c15bfb-eac4-4cdc-861f-eb01594e19d2&scope=openid+profile+email&response_mode=form_post&state=redir%3D%26b2cPolicy%3D&p=b2c_1_default&nonce=817be561f67343688001637fa7808690_20170118191514
2017-01-18T19:10:30 PID[6344] Verbose Received request: POST
https://api.near.lu/.auth/login/aad/callback 2017-01-18T19:10:30
PID[6344] Verbose JWT validation succeeded. Subject:
'1eaf9f41-1562-4ac9-9538-b893c9123087', Issuer:
'https://login.microsoftonline.com/07407dc1-946a-4afc-9186-84e6023ba814/v2.0/'.
2017-01-18T19:10:30 PID[6344] Verbose Calling into external HTTP
endpoint POST
https://login.microsoftonline.com/nearauth.onmicrosoft.com/oauth2/v2.0/token.
2017-01-18T19:10:32 PID[6344] Information Login completed for 'aget'.
Provider: 'aad'. 2017-01-18T19:10:32 PID[6344] Verbose Writing
'AppServiceAuthSession' cookie for site 'api.near.lu'. Length: 792.
2017-01-18T19:10:32 PID[6344] Information Redirecting:
https://api.near.lu/.auth/login/done#token=%7B%22authenticationToken%22%3A%22ey--REMOVED PART OF THE TOKEN--%22%2C%22user%22%3A%7B%22userId%22%3A%22sid%3Aed01ed7507f147976aa1704783267861%22%7D%7D
2017-01-18T19:10:33 PID[6344] Verbose Received request: GET
https://api.near.lu/.auth/login/done 2017-01-18T19:10:33 PID[6344]
Information Sending response: 200.0 OK
This is the error log i get when I try to refresh immediatley after logging in :
2017-01-23T10:55:06 PID[6344] Verbose Received request: POST
https://api.near.lu/.auth/refresh 2017-01-23T10:55:06 PID[6344]
Verbose JWT validation succeeded. Subject:
'sid:ed01ed7507f147976aa1704783267861', Issuer:
'https://api.near.lu/'. 2017-01-23T10:55:06 PID[6344] Warning The
refresh request issued by sid:ed01ed7507f147976aa1704783267861 (SID:
9a6c2ee324a092937c5e2f953803e662) failed because no refresh tokens
were found in the token store. 2017-01-23T10:55:06 PID[6344]
Information Sending response: 403.80 Forbidden
Which is weird, as it can be seen in the above picture the token store is enabled...
The problem could be that your current App Service Authentication / Authorization setup is not configured to support token refresh. A simple way to confirm this would be to enable Application Logging and look at the warning messages in the application log stream when a refresh operation fails. More details on application logging can be found here: https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-enable-diagnostic-log
See the following blog post (which I wrote) to learn more about how to update your Authentication / Authorization settings to support token refresh: https://cgillum.tech/2016/08/10/app-service-auth-and-azure-ad-b2c-part-2/#refresh. The short version is that you need to:
create an app key in your B2C app registration and set that as the client secret in your Authentication / Authorization "Advanced" settings for AAD in the portal.
Request the offline_access scope when logging in. This ensures you get a refresh token from AAD B2C when the user logs in.
Your login code should look like the following:
user = await Manager.CurrentClient.LoginAsync(
currentContext,
MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory,
new Dictionary<string, string>() { { "scope", "openid offline_access" } });
To use the refresh user, we have to store the refresh token to the app service token store.
You can check whether there are refresh token via using the request below:
Get:https://{yourMoibleAppName}.azurewebsites.net/.auth/me
X-ZUMO-AUTH: {accessToken}
The access token you can get from user.MobileServiceAuthenticationToken.
If there is no refresh token returned, you can check whether following requirements are satisfied:
the token store is enable
the response_type of request contains code
Developers doesn't revoke the access_token, refresh_token, user permission
And all settings well, however the the app still get the 403 error, we should prompt user to login again(refer to Refreshing user logins in App Service Mobile Apps).
And to avoid misunderstanding, when you specify you were using Azure AD B2C tenant, would you mind sharing the detail steps you protected the mobile service?
Update( able to reproduce this issuing using the b2c app which register this way)
I am implementing Oauth 2 authentication for Office 365 account in a java based server side application. After reading the documentation, I have done the following things:
I have office 365 subscription.
I have created an app in Azure
Actve directory, that is necessary to authenticate web app using
office 365 account.
I have client ID and secret. I have also
given all permission to the Azure app.
I am requesting authorization code using the Url:
https://login.microsoftonline.com/common/oauth2/authorize?client_id={client_id}&response_type=code&redirect_uri={redirect url}&response_mode=query
As a response of this, I am getting authorization code as expected:
http://localhost:8080?code={authorication code}&session_state=259479e4-84aa-42ea-91e9-9e919cc99587
Now I need to get token along with the user name (user ID from which the user in logged in), as I need the user name for further processing. For this, I am using the method described here:
https://azure.microsoft.com/en-us/documentation/articles/active-directory-protocols-oauth-code/
That is using a POST request like this:
POST /{tenant}/oauth2/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code
&client_id=2d4d11a2-f814-46a7-890a-274a72a7309e
&code=AwABAAAAvPM1KaPlrEqdFSBzjqfTGBCmLdgfSTLEMPGYuNHSUYBrqqf_ZT_p5uEAEJJ_nZ3UmphWygRNy2C3jJ239gV_DBnZ2syeg95Ki-374WHUP-i3yIhv5i-7KU2CEoPXwURQp6IVYMw-DjAOzn7C3JCu5wpngXmbZKtJdWmiBzHpcO2aICJPu1KvJrDLDP20chJBXzVYJtkfjviLNNW7l7Y3ydcHDsBRKZc3GuMQanmcghXPyoDg41g8XbwPudVh7uCmUponBQpIhbuffFP_tbV8SNzsPoFz9CLpBCZagJVXeqWoYMPe2dSsPiLO9Alf_YIe5zpi-zY4C3aLw5g9at35eZTfNd0gBRpR5ojkMIcZZ6IgAA
&redirect_uri=https%3A%2F%2Flocalhost%2Fmyapp%2F
&resource=https%3A%2F%2Fservice.contoso.com%2F
&client_secret=p#ssw0rd
Now the problem is that, when ever I send this post request, I always get error with error code some times 400 or 402 etc. I also user POST man in chrome to check the response of the call. It always return error like that:
{
"error": "invalid_grant",
"error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID. Send an interactive authorization request for this user and resource.\r\nTrace ID: b834315e-ccb3-4533-b7c9-4af7b34054b9\r\nCorrelation ID: 784f18da-5479-4b69-b939-0067abfcc460\r\nTimestamp: 2016-08-02 07:28:22Z",
"error_codes": [
65001
],
"timestamp": "2016-08-02 07:28:22Z",
"trace_id": "b834315e-ccb3-4533-b7c9-4af7b34054b9",
"correlation_id": "784f18da-5479-4b69-b939-0067abfcc460"
}
(Note: I have registered all the apps using administrator login)
I have tried a lot to find out whats is going wrong here. I have added multiple apps in Azure Active directory but I am always getting similar response.
I request professionals to help me. . . ! Actually I want to allow user to click on a button in office 365 web add-in and use oauth2 authentication to login to our system. It will be great in somebody suggest me some good tutorial to successfully implement this.
If you were requesting the access token for the Office 365, the resource parameter in the send request should be https%3A%2F%2Foutlook.office.com.
And also you can use the Microsoft Graph as Philip suggested. You can refer here about how to choose the endpoint.
Receiving the error codes "interaction_required" or "invalid_grant" error codes means there is an issue with the "Refresh token" and it advised to:
Discard current refresh token
Request new authorization code
I suddenly started to receive the following error in my app. I'm sure it has been running fine before - atleast on my machine :-)
Error: Client side authentication flow with Google is not supported.
I get this error when I try to login using a accesstoken I've received from a gapi authorize call:
// login with google using gapi
gapi.auth.authorize({ client_id: clientId, scope: scopes, immediate: noPopup },
function (authResult) {
// Pass the accesstoken into azure
client.login("google", {"access_token": authResult.access_token}).then(
function(user) {
// logged into azure...
Then I receive the error about not supported flow.
(if I change from "google" to "facebook", the error is: Error: The Facebook Graph API access token authorization request failed with HTTP status code 400 - which makes sence since it's a google accesstoken I'm passing in)
If I paste in the url directly in a browser https://kjokken.azure-mobile.net/login/google, then everything seems to be ok.
Any ideas why this is happening?
Thanks for any help
Larsi
Thank you for using Mobile Services and taking the time to report this. We actively working on adding support for this particular scenario over the next couple of weeks, which explains what you are seeing. I will update this post when we have more information.
In the interim, did you consider using MobileServiceClient.login(MobileServiceAuthenticationProvider provider, UserAuthenticationCallback callback)?
Thanks,
-Yavor