Im able to login to my angularjs app using the angular adal library
I can get a token and verify this token. My question is the following:
If i signout, should the token get revoked automatically? If not, how do i do so?
Currently Azure Active Directory does not support or provide an endpoint for an application to revoke the access/refresh tokens.
You may read more about configurable token lifetimes in Azure Active Directory to check the policies on token lifetimes and adjust that base on your requirement .
There is a sample logout code that you may be able to integrate as a workaround.
See: Can Azure AD ADAL (ios) refresh token be revoked from the client?
Related
I would like to communicate with the Active Directory B2C from my backend to manage users. This seems possible here:
https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
However, I don't see how to get a login token (or cookies) for a user so the server can send it back to the front-end to have it logged-in. How is it possible to implement this scenario?
I have seen this link but it refer to OAuth.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/add-ropc-policy?tabs=app-reg-ga&pivots=b2c-custom-policy
Thanks!
Azure B2C auth flow cannot generate an access token for Microsoft Graph.
You need to implement AAD auth flow by following Get access without a user or Get access on behalf of a user.
My web api services are protected by roles based authorization. So, my access token requesting from Azure AD doesn't include any roles in access token. Is it possible to add assigned roles(defined in manifest file and adding it on user) into access token?
would you please guide me with links and examples because I am not able to find any documentations?
Definitely possible, I've written an older article on the topic: https://joonasw.net/view/defining-permissions-and-roles-in-aad.
Make sure you define the roles in the manifest of the API.
Do note though that if a user has many roles and you use the implicit flow to get tokens in the front-end, they might not appear in the token.
If that happens to you, upgrading to MSAL.js 2.x and using authorization code flow with PKCE in the front-end should help with this.
I have a React application and a SpringBoot backend that I want to secure with Azure B2C.
I Have successfully created an auth Flow in the frontend with React and B2C and I reach the Access Token. Now In my idea I should pass the access token to SpringBoot, that should call B2C to validate my identity by the access token and get the userInfo and role. But in All Microsoft's Documentation I could't find any example for the validation. All the examples for b2C involve the authentication on a web-server-hosted page, with login in web-server. Anyone that can help my with a link to some documentation or example?
Thank You very much
I have set up an Azure Active Directory tenant with direct federation to Google. Next to that I have a .NET core web application using the OIDC code flow for getting both id_tokens and access and refresh tokens. The access token is used to call my API which is working fine.
Now the problem is whenever I use my refresh_token to get a new access_token I receive a new access_token, but no refresh_token. So I can only refresh once.
I only have this issue when authenticating with my Google account using direct federation. When I authenticate using a tenant native account I can refresh unlimited.
We have two multitenant Azure AD app registrations as described here. One for our single page application and one for our API. In our single page application backend we use the OpenIdConnect middleware to authenticate against Azure AD. Note that we are not using the common endpoint, but the tenant specific endpoint because otherwise direct federation does not work. We can reproduce this issue by intercepting the refresh token in the OnTokenResponseReceived event of the OIDC middleware and initiating the refresh flow as stated here (by using Postman for instance). The response is successful, but does only contain an access token, no refresh token.
Is this behavior by design?
I'm using the adal-angular5 v1.0.36 client library to authenticate my web application to Azure Active Directory.
The thing is that my session lasts 1 hour (the default expiration time) and I'd like to "renew" it silently for the user once it has expired; i.e. without having to ask the user for the credentials again or logging out and then login again (which would cause work loss for the user).
Is this possible to achieve?
As long as the user have an active session with Azure AD, ADAL JS does it automatically for you. ADAL JS examines the projected expiration of the existing token (in the cache) and if the token is about to expire, it uses an invisible iFrame to send a new token (renewal) request to Azure AD.
Please choose MSAL over ADAL and here is the sample for angular using MSAL.
Please refer the link for migration of ADAL to MSAL