derpoliuk

Reputation: 1826

How to access id_token in MSGraph SDK on iOS?

I'm using the MSGraph SDK for iOS to log in users with their Office365 accounts.

My end goal is to get:

Using the sample app, I was able to log in the user, get a refresh token and user details (via [[[[MSGraphClient client] me] request] getWithCompletion:...]), but I can't find id_token anywhere.

Also, the Android version of the app I'm working on is using https://outlook.office.com/api/v2.0 as a base URL for the SDK, and I'm trying to change it in the iOS app as well from https://graph.microsoft.com/v1.0/.

I might be missing something obvious or important in the docs or sample app, sorry if that's the case.

The question is: how to get id_token in MSGraphSDK on iOS?

UPD:

Here's the code I'm using:

[NXOAuth2AuthenticationProvider setClientId:<clientId> scopes:@[@"https://graph.microsoft.com/Files.ReadWrite", @"https://graph.microsoft.com/Calendars.ReadWrite", @"openid"]];
[[NXOAuth2AuthenticationProvider sharedAuthProvider] loginWithViewController:nil completion:^(NSError *error) {
    if (error) {
        return;
    }
    NSArray *accounts = [[NXOAuth2AccountStore sharedStore] accountsWithAccountType:@"MSGraph"];
    NXOAuth2Account *account = accounts.firstObject;
}];

NXOAuth2Account doesn't have any property that can be connected with id_token. The question is how to get id_token from NXOAuth2Client or MSGraphSDK frameworks?

Upvotes: 1

Views: 315

Answers (1)

Marc LaFleur

Reputation: 33114

An id_token is only returned if you're using the OpenID Connect flow. To enable this, you need to add openid to the list of scopes you're requesting and id_token+code as your response-type.

Optionally you can also request email and profile if you want to get a more "complete" id_token.

One additional item to keep in mind: the tokens are not provided by the SDK. They are obtained from Azure Active Directory via OAuth. The SDK simply takes the token you've previously obtained.

You can obtain a token using just about any library that supports OAuth 2.0, but I suspect the sample you're looking at is using NXOAuth2AuthenticationProvider. Something along the lines of:

[NXOAuth2AuthenticationProvider setClientId:<clientId>
    scopes:@[@"https://graph.microsoft.com/Files.ReadWrite",
    @"https://graph.microsoft.com/Calendars.ReadWrite"]];

In order to obtain the id_token using the above example, you add the openid scope:

[NXOAuth2AuthenticationProvider setClientId:<clientId>
    scopes:@[@"https://graph.microsoft.com/Files.ReadWrite",
    @"https://graph.microsoft.com/Calendars.ReadWrite",
    @"openid"]];

Upvotes: 1
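
The answer above notes that the id_token comes from Azure Active Directory in the OAuth response rather than from the SDK. As an added example (not code from the post, the SDK, or NXOAuth2Client), this sketch pulls id_token out of a token response body and checks its basic claims. The function names, the sample values and the assumption that your OAuth library hands you the raw JSON response body are all hypothetical.

```objc
#import <Foundation/Foundation.h>

// Decode the claims (middle segment) of a JWT such as an id_token. This does NOT
// verify the signature; validate it against the issuer's keys before trusting claims.
static NSDictionary *IDTokenClaims(NSString *idToken) {
    NSArray<NSString *> *parts = [idToken componentsSeparatedByString:@"."];
    if (parts.count != 3) return nil; // header.payload.signature
    // Segments are unpadded base64url; convert to padded standard base64.
    NSMutableString *b64 = [[[parts[1] stringByReplacingOccurrencesOfString:@"-" withString:@"+"]
        stringByReplacingOccurrencesOfString:@"_" withString:@"/"] mutableCopy];
    while (b64.length % 4 != 0) [b64 appendString:@"="];
    NSData *data = [[NSData alloc] initWithBase64EncodedString:b64 options:0];
    if (!data) return nil;
    id json = [NSJSONSerialization JSONObjectWithData:data options:0 error:NULL];
    return [json isKindOfClass:[NSDictionary class]] ? json : nil;
}

// Extract id_token from a token response body and apply basic claim checks.
// clientId and nonce are the values the app sent in its authorization request.
static NSDictionary *ClaimsFromTokenResponse(NSData *body, NSString *clientId, NSString *nonce) {
    id resp = [NSJSONSerialization JSONObjectWithData:body options:0 error:NULL];
    if (![resp isKindOfClass:[NSDictionary class]]) return nil;
    id idToken = resp[@"id_token"]; // absent when the openid scope was not requested
    if (![idToken isKindOfClass:[NSString class]]) return nil;
    NSDictionary *claims = IDTokenClaims(idToken);
    id aud = claims[@"aud"], expiry = claims[@"exp"], n = claims[@"nonce"];
    BOOL audOK = [aud isKindOfClass:[NSString class]] && [aud isEqualToString:clientId];
    BOOL expOK = [expiry isKindOfClass:[NSNumber class]]
        && [expiry doubleValue] > [NSDate date].timeIntervalSince1970;
    BOOL nonceOK = nonce ? ([n isKindOfClass:[NSString class]] && [n isEqualToString:nonce])
                         : (n == nil);
    return (audOK && expOK && nonceOK) ? claims : nil;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample: an unsigned token assembled locally; all values are made up.
        NSDictionary *c = @{@"aud": @"client-123", @"nonce": @"n-1",
                            @"exp": @4102444800LL, @"name": @"Sample User"};
        NSData *j = [NSJSONSerialization dataWithJSONObject:c options:0 error:NULL];
        NSString *p = [[[[j base64EncodedStringWithOptions:0]
            stringByReplacingOccurrencesOfString:@"+" withString:@"-"]
            stringByReplacingOccurrencesOfString:@"/" withString:@"_"]
            stringByReplacingOccurrencesOfString:@"=" withString:@""];
        NSString *token = [NSString stringWithFormat:@"e30.%@.sig", p];
        NSData *body = [NSJSONSerialization dataWithJSONObject:
            @{@"access_token": @"constructed", @"id_token": token} options:0 error:NULL];
        NSLog(@"claims: %@", ClaimsFromTokenResponse(body, @"client-123", @"n-1"));
        NSLog(@"wrong audience: %@", ClaimsFromTokenResponse(body, @"other-app", @"n-1"));
    }
    return 0;
}
```

The sketch handles only a string `aud` claim and leaves signature and issuer validation to a JWT library.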
