Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Authenticating against a webapi using azure b2c from an spa (angular and adal.js)

Tags:

angularjs

asp.net-web-api2

azure

adal

I'm trying to authenticate my SPA (angular.js and adal.js (similar to the https://github.com/Azure-Samples/active-directory-angularjs-singlepageapp-dotnet-webapi example)

My AD is a azure b2c preview tenant.

I can successfully log in to my webapi from my Website, but not from the JS SPA via angular.

My Setup: Webapi and Website share the same clientid (does only seem to work this way) The SPA has its own clientid, because otherwise i get "api version not supported" errors when trying to log in. I have enabled oauth2AllowImplicitFlow for all applications, granted application permissions from the spa to the webapi. Cors is enabled on the Webapi and the SPA.

I even seem to be able to get a token after completing the login, but when i try to call my api, i get an access denied for this request.

Is this supposed to work this way? I could not find an example of how to use b2c together with a spa and the api running on different servers.

Thanks in advance

Peter

like image 271
user1073694 Avatar asked Nov 28 '15 18:11

user1073694

Video Answer

1 Answers

Officially it's not supported by Microsoft, but with some modifications of experimental branch on github azure-activedirectory-library-for-js you can get it working.

Fix logout url to v2.0 endpoint of oauth2 protocol with the policy parameter in the logOut method of adal.js at line 546:

var urlNavigate = this.instance + tenant + '/oauth2/v2.0/logout?' + logout + (this.config.extraQueryParameter ? '&' + this.config.extraQueryParameter : '');

The username property is never set in method _createUser of adal.js. The username is used in renew token process, fix it by adding this three lines:

if (parsedJson.hasOwnProperty('emails')) {
    user.userName = parsedJson.emails[0];
}

Finally, in adal-angular.js at line 146, acquireTokenSilent is called with wrong type parameter. This method accept only array type as scopes parameter, fix it by placing clientId in array:

_adal.acquireTokenSilent([_adal.config.clientId], null, function (error, tokenOut) {

I already pulled a request on github about this, you can use it as reference.

When you initialize adal provider on angular put your b2c sign in policy in extraQueryParameter like this:

adalProvider.init({
    tenant: 'tenant.onmicrosoft.com',
    clientId: 'clientid',
    extraQueryParameter: "p=B2C_1_SignIn"
}, $httpProvider);
like image 181
Alain Croisetière Avatar answered Nov 23 '22 08:11

Alain Croisetière
Sign in to Comment

Related questions

How can I use the AngularJS hash option of $q.all?
Pass Data $http.post From AngularJS and ASP.net MVC gets null
isolateScope() returning undefined when testing angular directive
What's the best way to store URLs, or URL domains, in AngularJS app?
Is there a way to access resolved state dependencies besides injecting them into the controller?
ng-repeat to access array inside of objects
how to call multi function in single ng-init directice using angularjs
AngularJS string replace on template
Angularjs select value is undefined
Increase width of column in ui.grid
AngularJS Interceptor TypeError: Cannot read property 'headers' of undefined
TypeError: Cannot read property 'push' of undefined, JavaScript
Nodejs / HapiJs with Angular.js
How to use a callback function on angucomplete-alt selected-object attribute?
app.configure(function){} typeerror undefined is not a function
Bind ng-options value and label to ng-model
Angular - save scope value to variable, but not update it when scope updates
how to focus angularjs ui-select input?
angularjs datatable button plugin
Angular Material autocomplete with $http call

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!