Reputation: 1742
I followed this tutorial to authenticate with Azure AD for my Azure Mobile Service but I can't get the URL redirect working. Maybe I have misunderstood but this is what I have tried ...
In the iOS project
I added this URL Scheme to info.plist: com.spike.Xamarin.OAuth:/oauth2redirect
I override the AppDelegate.OpenUrl method(s) (both overloads) and implement the code from the tutorial.
In the PCL project
I pass the authentication URL as https://(my service).azurewebsites.net/.auth/login/aad and, as the redirect URL, I pass the same URL (above) to the Xamarin.Auth.OAuth2Authenticator ctor.
I add an event handler to the Xamarin.Auth.OAuth2Authenticator.Completed event to fetch the access token and so on.
In my protected Azure Mobile service (AAD / Express)
I registered the above URL reversed, OAuth.Xamarin.spike.com:/oauth2redirect, as an 'ALLOWED EXTERNAL REDIRECT URLS' entry.
Result
What happens is I get to the login page and I am able to fill in my credentials as expected. But the final redirect never hits the AppDelegate.OpenUrl method. Instead iOS Safari seems to end up at https://(my service).azurewebsites.net/.auth/login/aad/callback.
What am I getting wrong here?
Upvotes: 1
Views: 3107
Reputation: 18465
Xamarin.Auth includes OAuth authenticators that provide support for consuming identity providers (e.g. Google, Microsoft, Facebook, Twitter, etc.).
Per my understanding, you could leverage the Xamarin.Auth SDK to independently contact the identity provider and retrieve the access token on your mobile client side; then you need to log in with your backend (Azure Mobile App) along with the token to retrieve the authenticationToken, and then you could leverage the authenticationToken to access the resources under your mobile app.
For Azure AD authentication, you could refer to the following settings for constructing the OAuth2Authenticator:
Authorize URL to https://login.microsoftonline.com/{tenantId}
Redirect URL to {Client-ID-of-your-AD-app}:/oauth2redirect
AccessToken Url to https://login.microsoftonline.com/{tenantId}/oauth2/token
For more details, you could refer to OAuth 2.0 authorization flow for AAD.
After retrieving the access token from AAD, you need to send the following request for logging in with your mobile app:
Post: https://{your-app-name}.azurewebsites.net/.auth/login/aad
payload: {"access_token":"{your-access-token}"}
Additionally, you could also leverage Microsoft.Azure.Mobile.Client for Client-managed authentication or Server-managed authentication. For more details about adding authentication to your app, you could refer to Add authentication to the portable class library and Add authentication to the iOS app for your Xamarin Forms app.
Upvotes: 3
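The client-managed flow the answer outlines, written out as an added example (it is not code from the question, the answer, Xamarin.Auth or the Azure SDK). It assumes the Xamarin.Auth implicit-flow OAuth2Authenticator constructor, the Microsoft.Azure.Mobile.Client package, the full /oauth2/authorize endpoint path from the AAD OAuth 2.0 docs the answer links to, and placeholder values that must be replaced before it will run:

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.WindowsAzure.MobileServices;
using Newtonsoft.Json.Linq;
using Xamarin.Auth;

// Client-managed AAD login: Xamarin.Auth obtains the AAD access token on the device,
// then that token is posted to /.auth/login/aad to obtain the App Service session token.
public static class AadClientManagedLogin
{
    // Placeholder values (assumed): replace with your tenant id, AAD app client id and backend URL.
    const string TenantId = "{tenantId}";
    const string ClientId = "{Client-ID-of-your-AD-app}";
    const string BackendUrl = "https://{your-app-name}.azurewebsites.net";
    // Must match, character for character, both the custom URL scheme registered in Info.plist
    // and the allowed external redirect URL configured on the App Service.
    static readonly Uri RedirectUrl = new Uri($"{ClientId}:/oauth2redirect");

    // Implicit-grant authenticator: the access token is returned in the redirect URL fragment.
    // AAD only issues it when "oauth2AllowImplicitFlow" is enabled on the app registration.
    public static OAuth2Authenticator CreateAuthenticator()
    {
        return new OAuth2Authenticator(
            clientId: ClientId,
            scope: "openid",
            authorizeUrl: new Uri($"https://login.microsoftonline.com/{TenantId}/oauth2/authorize"),
            redirectUrl: RedirectUrl);
    }

    // Wraps the Completed/Error events in a Task so callers can await the AAD access token.
    public static Task<string> GetAadAccessTokenAsync(OAuth2Authenticator auth)
    {
        var tcs = new TaskCompletionSource<string>();
        auth.Completed += (s, e) =>
        {
            // A cancelled or failed sign-in arrives with IsAuthenticated == false; never proceed on it.
            if (!e.IsAuthenticated || !e.Account.Properties.TryGetValue("access_token", out var token))
                tcs.TrySetException(new InvalidOperationException("AAD sign-in returned no access token"));
            else
                tcs.TrySetResult(token);
        };
        auth.Error += (s, e) => tcs.TrySetException(new InvalidOperationException(e.Message));
        return tcs.Task;
    }

    // Exchanges the AAD access token for the backend's authenticationToken; the client
    // then sends it as X-ZUMO-AUTH on every subsequent request to the mobile app.
    public static async Task<MobileServiceUser> LoginToBackendAsync(string aadAccessToken)
    {
        var client = new MobileServiceClient(BackendUrl);
        var payload = new JObject { ["access_token"] = aadAccessToken };
        return await client.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);
    }
}
```

On iOS the authenticator's UI is shown with GetUI() from the platform project, and the custom-scheme redirect arrives in AppDelegate.OpenUrl, so the scheme passed here is the one that must appear in Info.plist, not the backend's https URL.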