msal

问题 I've asked the question below a couple weeks ago and I didn't get a working answer. Or maybe just not suitable for my case. C# Microsoft Authentication Get logged user from controller So I thought maybe I wasn't asking the right question. What i'm trying to do is create an app which has a C# Web API 2 backend and an Angular 2 frontend. Now, I want that my authentication be using people's Microsoft Account which means this will be an external authentication. What's the best way of doing this?

问题 I have hard time making my Azure B2C renewing procedure work. So if my cookie is visible when I access the login url (login.microsoftonline.com), under x-ms-cpim-sso:myApp.onmicrosoft.com_0, is there a way to decode its value? I would like to see when it expires and other related iformation. 来源： https://stackoverflow.com/questions/48328607/how-to-decode-azure-b2c-cookie

问题 Is there a way to get the Group the User is member of so we can process the authentication, or even throw exception so the token will not be created. The reason we need groups is that we can not create OU in Azure AD whereas we could before in LDAP. We retrieved the distinguished name and therefore had very rich information about said user. Lastly, we do see that you could create an OU on-premises but read that Graph API would not recognize it or could not retrieve it. We are attempting to do

问题 We have a user-facing web app and a middle-tier ASP.NET Core Web api, currently using OAuth 2.0 On-Behalf-Of flow (OBO) on the Azure Ad v1.0 endpoint, authenticating only AAD accounts. We need to authenticate also MSA (personal) accounts, therefore migrate our solution to the Azure AD v2.0 endpoint. The official sample only authenticates AAD accounts and says: " Current limitations : The on-behalf-of flow does not currently work for Microsoft Personal accounts." Can somebody confirm this ?

问题 I have some Xamarin C# code that authenticates users against the company directory, it's basically the code found in the Microsoft tutorial, and right now we're iOS-only: App.xaml.cs PublicClientApplicationOptions options = new PublicClientApplicationOptions() { ClientId = MyAppClientId, TenantId = MyAppTenantId }; var builder = PublicClientApplicationBuilder.CreateWithApplicationOptions(options); if (!string.IsNullOrEmpty(iOSKeychainSecurityGroup)) { builder = builder

问题 This is my code to authenticate for using Microsoft Graph with Outlook : public async Task AquireToken() { try { if (_AuthResult == null) { _AuthResult = await Program.PublicClientApp.AcquireTokenSilentAsync( _scopes, Program.PublicClientApp.Users.FirstOrDefault()); } } catch (MsalUiRequiredException ex) { // A MsalUiRequiredException happened on AcquireTokenSilentAsync. // This indicates you need to call AcquireTokenAsync to acquire a token. System.Diagnostics.Debug.WriteLine($

问题 Azure AD v2.0 discusses one of their advantages as being Dynamic Consent (https://github.com/AzureAD/microsoft-authentication-library-for-js/wiki/api-scopes#request-dynamic-scopes-for-incremental-consent). What is this supposed to look like? I thought a typical use case would be to supply what roles / scopes apply to a certain end point. For example the @OAuthBearer() annotation on: @Get("/hello-auth") @OAuthBearer({"scopes": ["app.special.scope"]}) helloAuth() { return {text: "Authorised

问题 I am trying to implement a sign in / login function using Active Directory. I am basing myself in on this b2c-xamarin sample. Below is the relevant code that I am having issues with. I have made modifications here to simplify readability. I have inserted comments for anything noteworty, particularly AcquireTokenAsync: string ClientID = "<application_id_of_b2c_application>" string Authority = "https://login.microsoftonline.com/tfp/<b2c_tenant_name>/<signin_policy_name>/oauth2/v2.0/authorize"

问题 If i go to https://developer.microsoft.com/en-us/graph/graph-explorer# and use URL like: https://graph.microsoft.com/beta/sites/4development106.sharepoint.com:/sites/DBSchenker:/lists/OEC_Docs/items I can see request succeeds. Now if i use the angular app from github https://github.com/AzureAD/microsoft-authentication-library-for-js and the code like private sharePointHost: string = "https://4development106.sharepoint.com/sites/DBSchenker/_api/web/lists/getByTitle('OEC_Docs')/items"

问题 I am experiencing issue trying to obtain a new access token from my AD B2C. From my SPA I use the MSAL.js library (v0.1.3) to authenticate to my AD B2C. After an hour, the access token expires so I do a silent token renew procedure but it fails. I use the following link to get a new access token: https://login.microsoftonline.com/te/myApp.onmicrosoft.com/b2c_1_signin/oauth2/v2.0/authorize?response_type=token&scope=https%3A%2F%2FmyApp.onmicrosoft.com%2Fapi%2Faccount.read%20openid%20profile