adal

How to access Key Vault with Azure Managed Service Identity in node?

我只是一个虾纸丫 submitted on 2019-12-07 14:04:34
Question: I follow the instruction here to create a Managed Service Identity. So now in my environment variable, I have MSI_ENDPOINT and MSI_SECRET. In my typescript (node.js) project, I imported the following project: import {KeyVaultCredentials, KeyVaultClient} from "azure-keyvault"; import {AuthenticationContext, ErrorResponse, TokenResponse} from "adal-node"; If I wasn't using MSI, I could access my key vault using the following code: let keyVaultCredentials = new KeyVaultCredentials(KeyVault

Adal.js logging out without a redirect

时间秒杀一切 submitted on 2019-12-07 12:50:04
Question: In our current SPA implementation we authenticate against AzureAD using adal.js and upon successful authentication hit our web api to get the authorization data. There are a couple of edge case scenarios where the get authorization data call could fail. In this case we would like to clear out the state/cache created by adal.js. I have tried a few things but I have not been able to create a clean slate. Here is some code that I have tried. localStorage.clear(); var authContext =

How do I check to see if my AzureAD version is V1 or V2?

走远了吗. submitted on 2019-12-07 11:37:09
Question: Where would I look to check the AzureAD version? Is there some command line utility that would return the version, or some rest endpoint that gives basic information like that? Answer 1: Azure AD itself is versionless. What can be v1 or v2 is the endpoint and app registration with which you talk to it. Check out the docs on the v2 endpoint and a v1 vs v2 comparison. For most URLs (metadata, authorize, token), you can tell based on whether it contains /v2.0/ for example: https://login

Azure AD Logout URL not redirecting

大城市里の小女人 submitted on 2019-12-07 06:35:08
Question: I am building the following URL https://login.microsoftonline.com/<tenantid>/oauth2/logout?client_id=<clientId>&post_logout_redirect_uri=<encodedurl> It looks something like https://login.microsoftonline.com/f4aaf6e1-ffff-ffff-bb63-4e8ebf728113/oauth2/logout?client_id=f562b4e3-ffff-ffff-b4bb-49ca64216e75&post_logout_redirect_uri=https%3A%2F%2Fmyazureapp.azurewebsites.net It logs me out but does not redirect me back to my app Like this URL does for azure https://login.microsoftonline.com

Ui-Router 404 when redirecting with ADAL

我与影子孤独终老i submitted on 2019-12-07 06:12:18
Question: I'm currently trying to hook in the Azure Directory Authentication Library (ADAL.JS) into UI-Router. I've got it wired in, and it redirects correctly, but it always chucks a 404 before the redirect. The redirect works, and then gets sent back to my application, which is showing the 404. I've modified the state like so: { state: 'admin', config: { url: '/admin', templateUrl: 'app/admin/admin.html', controller: 'AdminController', controllerAs: 'vm', title: 'Admin', settings: { nav: 2, content:

ADAL.js with Multi-Tenant Azure Active Directory

感情迁移 submitted on 2019-12-07 05:30:47
Question: The sample code provided for using ADAL.js looks something like this: window.config = { instance: 'https://login.microsoftonline.com/', tenant: '[Enter your tenant here, e.g. contoso.onmicrosoft.com]', clientId: '[Enter your client_id here, e.g. g075edef-0efa-453b-997b-de1337c29185]', postLogoutRedirectUri: window.location.origin, cacheLocation: 'localStorage', localhost. }; var authContext = new AuthenticationContext(config); This works fine, but I'm trying to allow access for a multi-tenant

iOS ADAL-Make silent call using refresh token

旧时模样 submitted on 2019-12-06 15:04:11
Question: I am using iOS ADAL library version 2.2.6 and receiving refresh token upon successful login. Now I want to make a silent call by using this refresh token. I tried with following method but it fails to return the access token. ADAuthenticationContext *authContext; [authContext acquireTokenSilentWithResource:resourceId clientId:clientId redirectUri:redirectUri userId:strUserID //loggedIn userID completionBlock:^(ADAuthenticationResult *result){ // It always throws an error //Please call the non

Can Azure AD ADAL (ios) refresh token be revoked from the client?

爷,独闯天下 submitted on 2019-12-06 14:37:41
I am trying to use ADALiOS in an iOS app. I also want to have a logout button so that, if needed, the user can elect to logout from the app. The best way, I think, would be to revoke the refresh token (the access token is short-lived and can't be revoked), which ideally should also revoke the token and do clean up on the server-side. I tried Azure AD docs, searched in the source code (and in general searched elsewhere), but couldn't find any mention of refresh token revocation in ADAL. Can a refresh token be revoked in ADAL? What is the best way to log a user out? Gaurav Mantri Yes. From Best

On behalf of token issue (AADSTS50013: Assertion contains an invalid signature)

有些话、适合烂在心里 submitted on 2019-12-06 13:39:16
I'm getting an error (mentioned below) when I'm trying to use Cortana Bot user token (which is a Graph token) to generate an "on-behalf-of" token to another consuming Web API application using ClientAssertionCertificate / ClientCredential targeted to another consuming Web API by passing its AppId as ResourceId and userAssertion generated by using Cortana Bot user token. When checked our Bot AAD settings it is configured with other consuming Web API (API B) as valid application along with Graph application. Do we need to do any additional setting in AAD to get this on-behalf-of token?

API Power BI Get token but get request get response 401

安稳与你 submitted on 2019-12-06 11:18:26
I have registered an APP in Azure to access PBI (with MFA); APP details: Native App (mobile desktop) API Permissions Azure Active Directory Graph (1) User.Read Power Bi Service (1) DataSet.ReadWrite.All I can get the token but when I try to run a get request I get error 401. import adal import requests authority_url = 'https://login.windows.net/<tennantID>' resource_url = 'https://analysis.windows.net/powerbi/api' target_url = 'https://api.powerbi.com/v1.0/myorg/groups/<groupID>/datasets' client_id = '<applicationID>' secret= '<clientsecretID>' context = adal.AuthenticationContext(authority