msal

问题 I am trying to use the GraphAPI using the official nuget library (https://github.com/microsoftgraph/msgraph-sdk-dotnet). However, the authentication process is not trivial and not very well documented. I am in a CSP partner in a machine-to-machine scenario, so there is no UI application with a redirect url where a user manually enter it's credentials to consent access. But it seems to be the unique scenario well documented or available in the samples I found... Even the official CSP

问题 I am trying to use the GraphAPI using the official nuget library (https://github.com/microsoftgraph/msgraph-sdk-dotnet). However, the authentication process is not trivial and not very well documented. I am in a CSP partner in a machine-to-machine scenario, so there is no UI application with a redirect url where a user manually enter it's credentials to consent access. But it seems to be the unique scenario well documented or available in the samples I found... Even the official CSP

问题 I downloaded the example below to get an access token from MS Graph and it worked fine. Now I changed the code to get a token from a custom web API. On apps.dev.microsoft.com I registered a client application and an the API. Client and server registration in AD private static async Task<AuthenticationResult> GetToken() { const string clientId = "185adc28-7e72-4f07-a052-651755513825"; var clientApp = new PublicClientApplication(clientId); AuthenticationResult result = null; string[] scopes =

问题 I want to integrate with Miscrosoft Outlook. I am able to login with MSAL.js and get an access token, but I am not able to get a refresh token. Is there a way to do it? 回答1: I'll assume that since you're using the MSAL.js (https://github.com/AzureAD/microsoft-authentication-library-for-js) that you're using implicit flow for authentication and authorization. Implicit flow doesn't support refresh tokens, but you can request a new token silently. This is done similarly to how you request the

问题 I'm working on a system with a few Angular 4 SPAs each talking to a separate Asp.NET Core 2.0 WebAPI. Azure AD B2C is being used as the identity service for each SPA/API, and MSAL.js as part of our Angular SPAs. We want to support Single Sign-on to prevent the user needing to re-enter credentials when switching from one SPA to another. Is it possible to get single sign-on behavior using msal.js v0.1.7? 回答1: SSO with MSAL.js is possible. For browser-based apps you achieve SSO through cookies

问题 Following on from JavaScript OAuth2 flow for Azure AD v2 login does not give an access_token, I'm trying to figure out the best endpoint to use, to get the logged in users details (eg, display name, email, etc.). However, I noticed in there are 2 potential endpoints I can use https://outlook.office.com/api/v2.0/me https://graph.microsoft.com/v1.0/me 1, is used in bell for hapijs and is documented in Use the Outlook REST API. However, in bell, I can't seem to figure out the scope I need to get

问题 I have followed Adrian Halls book to create a cross platform app with a Mobile Service API backend. I have successfully got unsecured access to the backend working from Android, iOS and Desktop (WPF) clients. I am moving on to adding security to the API using the Authorise attribute. I would like to add social authentication using MicrosoftAccount (formerly passport/Live ID). Since Adrian wrote his book the Microsoft.Azure.Mobile.Client and the authentication and authorisation landscape seem

问题 As of October 2016, is it still the case that the Microsoft Authentication Library (MSAL - NuGet package: Microsoft.Identity.Client ) is the correct/only library to use with Xamarin (iOS/Android) and the Azure AD B2C service? This library (MSAL) is only available as an alpha and does not appear to be in a state of being actively maintained or developed (since April). There are indications that the Active Directory Authentication Library (ADAL - NuGet package: Microsoft.IdentityModel.Clients

问题 I have an Angular web application that is using @microsoft/microsoft-graph-client to get the logged in user's information. @azure/msal-angular is used to sign-in the user. I have an auth service that logs the user in with this: async signIn(): Promise<void> { const result = await this.msalService.loginPopup(OAuthSettings.consentScopes) .catch((reason) => { this.alertsService.add('Login failed', JSON.stringify(reason, null, 2)); }); if (result) { this.authenticated = true; await this.getUser()

问题 I'm using bell and hapijs and trying to get the office365 provider to work, but it seems like the https://login.microsoftonline.com/common/oauth2/v2.0/token endpoint isn't giving me the access_token required for getting profile information. This is the OAuth 2.0 flow I'm seeing: First it redirects to https://login.microsoftonline.com/common/oauth2/v2.0/authorize ?client_id=[client-id] &response_type=code &redirect_uri=http%3A%2F%2Flocalhost%3A5430%2Fapi%2Fv1%2Flogin%2Fazure-ad &state=[state]