 

Azure Active Directory v2.0 Daemons and Server Side Apps Support

Trying to get clarity as to whether the current v2.0 endpoint supports the Daemons and server-side apps flow.

This article talks about the flows: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-flows

It states:

This article describes the types of apps that you can build by using Azure AD v2.0, regardless of your preferred language or platform. The information in this article is designed to help you understand high-level scenarios before you start working with the code.

Further it states:

Currently, the types of apps in this section are not supported by the v2.0 endpoint, but they are on the roadmap for future development. For additional limitations and restrictions for the v2.0 endpoint

In the end I'm trying to build an app that connects to the Graph API on a schedule, using "credentials" that allow it to access the API on behalf of a user who has allowed it to.

In my test harness I can get a token using:

// Delegated (interactive) flow: a public client signs the user in and asks for
// the delegated permission Directory.Read.All by name. This succeeds.
var pca = new PublicClientApplication(connector.AzureClientId)
{
    RedirectUri = redirectUrl
};
var result = await pca.AcquireTokenAsync(new[] { "Directory.Read.All" },
    (Microsoft.Identity.Client.User) null, UiOptions.ForceLogin, string.Empty);

In the same harness I cannot get a token using:

// App-only (client credentials) flow: the confidential client authenticates with
// its client secret and asks for the same permission name. This fails (see below).
var cca = new ConfidentialClientApplication(
    connector.AzureClientId,
    redirectUrl,
    new ClientCredential(connector.AzureClientSecretKey),
    null) { PlatformParameters = new PlatformParameters() };

var result = await cca.AcquireTokenForClient(new[] { "Directory.Read.All" }, string.Empty);

This will result in:

Exception thrown: 'Microsoft.Identity.Client.MsalServiceException' in mscorlib.dll

Additional information: AADSTS70011: The provided value for the input parameter 'scope' is not valid. The scope Directory.Read.All is not valid. Trace ID: dcba6878-5908-44a0-95f3-c51b0b4f1a00 Correlation ID: 1612e41a-a283-4557-b462-09653d7e4c21 Timestamp: 2017-04-10 20:53:05Z

The MSAL package, Microsoft.Identity.Client (1.0.304142221-alpha), has not been updated since April 16, 2016. Is that even the package I should be using?

Montané Hamilton asked Apr 10 '17 20:04




1 Answer

When using the client credentials flow with Azure AD v2.0, the value passed for the scope parameter in this request should be the resource identifier (Application ID URI) of the resource you want, with the .default suffix appended. For the Microsoft Graph example, the value is https://graph.microsoft.com/.default.

Please click here for more details. And here is a tutorial for using the client credentials flow with the Azure AD v2.0 endpoint.

Nan Yu answered Oct 14 '22 04:10
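The exchange the answer describes, as an added example that is not code from the question, the answer or MSAL: it builds the raw POST to the v2.0 token endpoint that AcquireTokenForClient issues, rejects a bare permission name such as Directory.Read.All before it ever reaches Azure AD (which would answer with the AADSTS70011 error quoted in the question), and parses either the returned token or the JSON error body. The environment variable names (AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_CLIENT_SECRET) are this example's own choice, and the two sample responses are constructed, modelled on the error text in the question and on the shape of a successful v2.0 reply. Nothing touches the network unless those variables are set.

```python
"""Client-credentials token request against the Azure AD v2.0 endpoint.

Added example, not code from the question or answer above. The v2.0
client_credentials grant accepts a single scope form, "<Application ID URI>/.default",
because application permissions are fixed in the app registration and granted
by admin consent; they cannot be requested one by one per call.
"""
import json
import os
import urllib.error
import urllib.parse
import urllib.request

V2_TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
GRAPH_RESOURCE = "https://graph.microsoft.com"


def client_credentials_scope(resource):
    """The only scope form the v2.0 client_credentials grant accepts."""
    return resource.rstrip("/") + "/.default"


def validate_scope(scope):
    """Reject locally what Azure AD would reject with AADSTS70011 for an app-only token."""
    if "://" not in scope:
        raise ValueError(f"scope {scope!r} must be the resource's full Application ID URI")
    if not scope.endswith("/.default"):
        raise ValueError(f"scope {scope!r} must end in /.default for client_credentials")


def build_token_request(tenant, client_id, client_secret, resource=GRAPH_RESOURCE):
    """Return (url, form body) for the v2.0 client_credentials grant."""
    scope = client_credentials_scope(resource)
    validate_scope(scope)
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,  # POST body only, never the query string
        "scope": scope,
    }
    return V2_TOKEN_URL.format(tenant=tenant), body


def parse_token_response(raw):
    """Return the access token, or raise carrying Azure AD's error and AADSTS code."""
    data = json.loads(raw)
    if "error" in data:
        raise RuntimeError(f"{data['error']} {data.get('error_codes', [])}: "
                           f"{data.get('error_description', '')}")
    if data.get("token_type") != "Bearer" or not data.get("access_token"):
        raise RuntimeError("token endpoint returned no Bearer access_token")
    return data["access_token"]


def request_token(tenant, client_id, client_secret):
    """Perform the exchange for real; the app registration needs admin-consented
    application permissions on Microsoft Graph for the token to carry any roles."""
    url, body = build_token_request(tenant, client_id, client_secret)
    req = urllib.request.Request(url, data=urllib.parse.urlencode(body).encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return parse_token_response(resp.read())
    except urllib.error.HTTPError as err:  # Azure AD answers 400 with a JSON error body
        return parse_token_response(err.read())


# Constructed sample responses (not captured from Azure AD): the error is modelled on
# the message quoted in the question, with trace and correlation IDs omitted.
SAMPLE_ERROR = json.dumps({
    "error": "invalid_scope",
    "error_codes": [70011],
    "error_description": "AADSTS70011: The provided value for the input parameter "
                         "'scope' is not valid. The scope Directory.Read.All is not valid.",
})
SAMPLE_OK = json.dumps({"token_type": "Bearer", "expires_in": 3599,
                        "access_token": "eyJ0eXAi.constructed.sample"})

if __name__ == "__main__":
    try:
        validate_scope("Directory.Read.All")  # what the question's harness sent
    except ValueError as err:
        print("rejected locally:", err)
    url, body = build_token_request("contoso.onmicrosoft.com", "<client-id>", "<secret>")
    print("POST", url, "scope =", body["scope"])
    env = [os.environ.get(k) for k in ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")]
    if all(env):
        print("token:", request_token(*env)[:16] + "...")
    else:
        print("offline: parsed sample token", parse_token_response(SAMPLE_OK)[:8] + "...")
```

One caveat on the question's actual goal: client_credentials issues a token for the app's own identity (application permissions), not for a user. Acting "on behalf of a user who has allowed it" on a schedule is the delegated case, where the interactive sign-in requests the delegated scope together with offline_access and the daemon later redeems the resulting refresh token at the same v2.0 token endpoint.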