frigon

Reputation: 5129

Azure App Services POST Access token for AuthenticationToken fails for everything but Facebook

According to the documentation:

Your application can trigger the same redirect itself by navigating the user to the /.auth/login/ endpoint of your site, where is one of aad, facebook, google, microsoftaccount, and twitter. This option is perfect for sites featuring a login button and for many mobile applications.

Alternatively, a client can obtain a token using a provider SDK and exchange it for a session token. Simply submit an HTTP POST to the same endpoint with the provider token in a JSON body under the key “access_token” (or “authenticationToken” for Microsoft Account). This is the preferred solution for mobile applications if a provider SDK is available on the platform, and it also works for many web and API applications.

I have found this ONLY works with a Facebook token. I am able to authenticate with Google, Facebook, Twitter, and Microsoft account by hitting the normal /.auth/login/{provider} endpoint. However, if you attempt to POST the resulting token, as discovered from the .auth/me endpoint or from the HTTP headers (e.g. X-MS-TOKEN-GOOGLE-ACCESS-TOKEN, etc.), the POST endpoint only works for Facebook.

I discovered the following:

Upvotes: 0

Views: 385

Answers (1)

Chris Gillum

Reputation: 15042

The documentation for client-directed logins is unfortunately lacking. Take a look at the following post to learn how Google login works when using the client-directed flow:

Azure App Service Authentication with Google oAuth 2.0 Bearer Token

In particular, you are required to send both an id_token and an authorization_code value in the JSON payload. These values must be acquired from Google as part of a user login.

Upvotes: 0
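The payload difference described in the question and the answer, as an added example that is not part of the original post or answer: it builds (without sending) the client-directed POST and rejects a Google login that carries only an access token. The names `build_login_request` and `describe` and the host `contoso.example` are hypothetical, and only the providers whose JSON keys are stated on this page are covered.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Required JSON keys per provider, taken only from this page: the quoted
# documentation (access_token / authenticationToken) and the answer (Google).
REQUIRED_KEYS = {
    "facebook": ("access_token",),
    "microsoftaccount": ("authenticationToken",),
    "google": ("id_token", "authorization_code"),
}


def build_login_request(site_url, provider, tokens):
    """Return an unsent POST to /.auth/login/<provider> carrying `tokens`."""
    parts = urlsplit(site_url)
    if parts.scheme != "https" or not parts.netloc:
        # Provider tokens are bearer credentials; never send them in cleartext.
        raise ValueError("site_url must be an https:// origin")
    if provider not in REQUIRED_KEYS:
        raise ValueError(f"no payload shape known for provider {provider!r}")
    missing = [k for k in REQUIRED_KEYS[provider] if not tokens.get(k)]
    if missing:
        raise ValueError(f"{provider} login needs: {', '.join(missing)}")
    # Send only the expected keys so unrelated secrets never leave the client.
    body = {k: tokens[k] for k in REQUIRED_KEYS[provider]}
    return urllib.request.Request(
        f"https://{parts.netloc}/.auth/login/{provider}",
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def describe(req):
    """Summarise a request without printing token values (safe for logs)."""
    keys = sorted(json.loads(req.data))
    return f"{req.get_method()} {req.full_url} keys={keys}"


if __name__ == "__main__":
    # Constructed sample values; real ones come from the provider SDK login.
    sample = {"id_token": "ID.TOKEN.SAMPLE", "authorization_code": "CODE-SAMPLE"}
    print(describe(build_login_request("https://contoso.example", "google", sample)))
    try:
        build_login_request("https://contoso.example", "google",
                            {"access_token": "SAMPLE-ACCESS-TOKEN"})
    except ValueError as err:
        print("rejected:", err)
```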
