Hello I am trying to achieve following scenario.
We have Identity server 4 with multiple web MVC apps and Single sign on and Single Sign out works perfectly fine. We are using cookies based approach.
What is want to achieve
We want to create one mobile native application which will open one of the client registered with Identity server 4 in browser.
Question
How we can achieve, that once user get's logged into mobile native app with Identity server 4 it should automatically logged in to the web app opened in browser in that native app
Related
I am trying to create ASP.Net Core Hosted Blazor Webassembly with Azure AD authentication. As per this document, Microsoft suggests creating separate app registrations for the server api and the client app.
My question is: is it possible to use the same client id instead of the 2 separate mentioned in the document, since it really is 1 project/artifact (containing the static blazor site + web api) that will be deployed into Azure. Will there be an issue if only 1 app registration is used?
There shouldn't be an issue. The one thing I was thinking of that could have issues was the on-behalf-of flow but the article says basically no issues: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-on-behalf-of-flow#use-of-a-single-application.
The new application model allows an app registration to have multiple platforms in it, so you can register reply URLs for desktop apps, mobile apps and API scopes all in the same app.
There might be some weird corner cases if it is a multi-tenant application, but if it is single-tenant there should be no issues with using a single app.
I am trying to add a new application to my azure AD to use for my Xamarin forms mobile app, but when I select Native app and finish the creation it does not show up under App Registrations but it does show up under enterprise applications but with a subset of functionality it seems, for example I cannot add users to the application and I cannot add reply to URLS etc, What could cause this behaviour?
Make sure you set the new filter to All Apps instead of My Apps.
Then it will show all Applications in the tenant.
I'm securing a web app with identity server 4. My app is split into 2 oidc clients an ASP.Net Core MVC client and a javascript(angularjs) client which uses the oidc-client javascript library.
When a user first visits the web app we redirect for log in to identity server, which logs in the mvc client. I want to the javascript client is then logged in using the silent login feature from the oidc-library.
Is it possible?
Is it an acceptable solution?
any points will be appreciated.
May be I am overcomplicating things and overthinking of a solution but this is what I am trying to accomplish:
I have an app that uses Ionic Angular JS as the frontend with multiple restful services from the backend. I am using a combination of Drupal and Yii2. Both of the apps can support Facbook login / sign up as web apps as the modules are available. Ionic app by itself can use FBLogin by using NGCordova. However, I need to do the following:
Login to Ionic app using Facebook Login.
Using this login create an account in both my Yii2 and Drupal 7 apps. (I can sacrifice one or the other if I really need to. I have two backends because I need one to store the custom logic an another for the content management.).
User should be able to create new nodes in both of the apps. (Yii2 will have a higher priority).
Any guidance will be great. Eventually I may expand FB login capability to Google ID as well.
I'm currently try to develop an Office web addin, integrated in the Outlook (Read and Compose).
Everything works fine, except the authentication process.
Indeed, We have to authenticate the user from within Azure AD to access another application (our own application using the Azure AD Architecture where we need to call some web apis)
The solution I used is issued from this great article from Richard diZerega :
Connecting to SharePoint from Azure web app
This solution (we opt for the last scenario) works fine in our Desktop and Web based solution.
But it clearely doesn't work in phone web app , IOS app.
The problem comes from the popup Windows allowing the user to log in.
Actually, window.open, window.location.replace etc ... don't work "as expected" in our Outlook frame.
Everytime it open a popup window. (This is a good solution when the user use the desktop or web Outlook application)
I remember read somewhere that the Office Window where the plugin is loaded, is a secured Window where we can't do any sort of redirection.
I tried to work with ADAL.js, enabling the implicit flow of course, but the problem is the same. We need to redirect the frame to the Azure AD login page.
Finally, the question is : How to deal with an OAuth2/OpenID authentication in an Outlook web addin, and when we want it to work with all kind of devices ?
Login in Adal.Js is a page redirect by default. You don't have pop up issue. Adal.Js gets idtoken initially to be used for your own back end. It also does iframe requests to get access tokens for API endpoints. Office365 APIs support CORS api requests and you can use adal.js to send requests. Tokens will be attached to the requests if you define the endpoints in the config.
You can read about examples here: https://blogs.office.com/2015/03/06/increasing-opportunities-javascript-developers-office-365-platform/
or here : http://www.andrewconnell.com/blog/adal-js-cors-with-o365-apis-files-sharepoint