Reputation: 495
I'm following https://learn.microsoft.com/en-gb/graph/auth-v2-user in the hope of calling the Microsoft Graph API from my web app. Section 2 of the article explains how to get the auth code, which is required for making the request to get the access token ...
Can someone please advise where I get the 'code' from as part of the request in part 2? I was expecting this to be returned in the redirect URL as a query string param, but this is not the case.
Thanks,
Edit
I have opted against using MSAL because of the bugs I have encountered when using the library. Instead, my configuration is the following:
Startup.cs
// Keep the raw JWT claim types instead of mapping them to the legacy WS-Federation names.
JwtSecurityTokenHandler.DefaultMapInboundClaims = false;

var serviceProvider = services.BuildServiceProvider();
var userAuthenticationTicketRepository = serviceProvider.GetService<IUserAuthenticationTicketRepositoryWrapper>();
var configSettings = serviceProvider.GetService<IConfigSettings>();

services.AddAuthentication(sharedOptions =>
{
    // Sign-in state lives in the cookie; unauthenticated requests are challenged via OpenID Connect.
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddAzureAd(options => configuration.Bind("Config:AzureAd", options))
.AddCookie(options =>
{
    // Store the authentication ticket server-side; the cookie only carries a reference to it.
    options.SessionStore =
        new AuthenticationTicketStore(userAuthenticationTicketRepository, configSettings);
});
Implementation of AddAzureAd
public static AuthenticationBuilder AddAzureAd(this AuthenticationBuilder builder, Action<AzureADOptions> configureOptions)
{
    builder.Services.Configure(configureOptions);
    // OpenIdConnectOptions are filled in from AzureADOptions by ConfigureOidcOptions (below).
    builder.Services.AddSingleton<IConfigureOptions<OpenIdConnectOptions>, ConfigureOidcOptions>();
    builder.AddOpenIdConnect(options =>
    {
        options.Events = new OpenIdConnectEvents
        {
            OnRemoteFailure = context =>
            {
                // Suppress the default exception page and send the user to the access-denied view.
                context.HandleResponse();
                context.Response.Redirect("Account/AccessDenied");
                return Task.FromResult(0);
            }
        };
    });
    return builder;
}
ConfigureOidcOptions
public class ConfigureOidcOptions : IConfigureNamedOptions<OpenIdConnectOptions>
{
    private readonly AzureADOptions _azureOptions;

    public ConfigureOidcOptions(IOptions<AzureADOptions> azureOptions)
    {
        _azureOptions = azureOptions.Value;
    }

    public void Configure(string name, OpenIdConnectOptions options)
    {
        options.ClientId = _azureOptions.ClientId;
        options.ClientSecret = _azureOptions.ClientSecret;
        // Authority = Instance + TenantId, e.g. https://login.microsoftonline.com/{tenant}
        options.Authority = new Uri(new Uri(_azureOptions.Instance), _azureOptions.TenantId).ToString();
        options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.CallbackPath = _azureOptions.CallbackPath;
        options.UseTokenLifetime = true;
    }

    public void Configure(OpenIdConnectOptions options)
    {
        Configure(Options.DefaultName, options);
    }
}
Upvotes: 0
Views: 115
Reputation: 15609
The Authorization request should be
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id={client_id}
&response_type=code
&redirect_uri=http://localhost/myapp/
&response_mode=query
&scope=offline_access user.read mail.read
&state=12345
Replace the tenant and client_id with your values. And the redirect_uri should be consistent with the one in the portal.
When you request the URL in the browser, you will be asked to log in. After that, you will get the code parameter in the URL.
Upvotes: 1
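The authorization request and callback the answer describes, as an added example that is not part of the question or the answer: it builds the same v2.0 authorize URL, parses the redirect the browser lands on after login, checks `state` before accepting the `code`, and prepares the form body for the token request (nothing is sent over the network). The tenant, client id, client secret, redirect URI and the sample redirect URLs are constructed placeholders. The PKCE helper goes beyond the answer's URL; it follows RFC 7636 (S256), which the v2.0 endpoint supports and which is optional for a confidential web app holding a client secret.

```python
"""Authorization-code flow against the Microsoft identity platform v2.0 endpoint.

Added example; not code from the question or the answer. All identifiers
below (tenant, client id, secret, redirect URI, sample codes) are constructed.
"""
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_TEMPLATE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"
TOKEN_TEMPLATE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"


def pkce_challenge(code_verifier):
    """RFC 7636 S256: base64url(sha256(verifier)) without padding."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def make_pkce_pair():
    """Return (code_verifier, code_challenge); the verifier stays server-side."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return verifier, pkce_challenge(verifier)


def build_authorize_url(tenant, client_id, redirect_uri, scopes, state, code_challenge=None):
    """The request from the answer: response_type=code, response_mode=query."""
    params = {
        "client_id": client_id,
        "response_type": "code",   # a code, not an id_token, is what comes back
        "redirect_uri": redirect_uri,
        "response_mode": "query",  # code arrives as ?code=... on redirect_uri
        "scope": " ".join(scopes),
        "state": state,            # bound to the user's session; checked on return
    }
    if code_challenge:
        params["code_challenge"] = code_challenge
        params["code_challenge_method"] = "S256"
    return AUTHORIZE_TEMPLATE.format(tenant=tenant) + "?" + urlencode(params)


def extract_code(redirect_url, expected_state):
    """Parse the URL the browser lands on after login and return the code.

    Raises RuntimeError when the identity provider reported an error, when the
    state does not match the one stored for this session (a response that was
    not started by this user), or when the query string carries no code at all.
    """
    qs = parse_qs(urlsplit(redirect_url).query)
    if "error" in qs:
        description = qs.get("error_description", [""])[0]
        raise RuntimeError(f"authorization failed: {qs['error'][0]}: {description}")
    state = qs.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise RuntimeError("state mismatch; discard this response")
    code = qs.get("code", [None])[0]
    if not code:
        # Typical cause: the authorize request asked for id_token (implicit flow),
        # so the token came back in the fragment and no code was issued.
        raise RuntimeError("redirect contains no code; check that response_type=code was requested")
    return code


def build_token_request(tenant, client_id, client_secret, redirect_uri, code, scopes, code_verifier=None):
    """(token endpoint URL, form body) for the POST that exchanges the code."""
    body = {
        "client_id": client_id,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must be byte-for-byte the one used above
        "scope": " ".join(scopes),
        "client_secret": client_secret,
    }
    if code_verifier:
        body["code_verifier"] = code_verifier
    return TOKEN_TEMPLATE.format(tenant=tenant), body


if __name__ == "__main__":
    # Constructed placeholders, not real values.
    tenant, client_id, secret = "contoso.example", "11111111-2222-3333-4444-555555555555", "PLACEHOLDER-SECRET"
    redirect_uri = "http://localhost/myapp/"
    scopes = ["offline_access", "user.read", "mail.read"]
    state = secrets.token_urlsafe(16)
    verifier, challenge = make_pkce_pair()
    print(build_authorize_url(tenant, client_id, redirect_uri, scopes, state, challenge))
    # Constructed sample of what the browser is redirected to after login.
    sample_redirect = f"{redirect_uri}?code=SAMPLE_CODE_FROM_IDP&state={state}"
    code = extract_code(sample_redirect, state)
    print(build_token_request(tenant, client_id, secret, redirect_uri, code, scopes, verifier))
```

The `state` comparison is what prevents a code issued for a different session from being injected into this user's callback. The "no code in the redirect" branch is the symptom the question describes: it occurs when the authorize request was sent with a response type other than `code`; in the ASP.NET Core OpenID Connect handler that is the default unless `OpenIdConnectOptions.ResponseType` is set explicitly.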