I am new to UWP and I am trying to make an app that includes sign-in with a Microsoft account. The problem is that I got very confused about what API I should use and how to do the authentication.
After a very long search I found that Microsoft has APIs and SDKs for everything - Outlook, OneDrive, Live, Office365, Microsoft Graph etc. But there is no clear documentation on what a developer should use to authenticate a user and get his account details such as name and email.
It seems that the Live SDK could do the trick, but Microsoft states that this SDK is legacy and developers should use the OneDrive SDK. But OneDrive doesn't suit my needs: I can't get the user's email address, and I also have to have a developer account so I can build a sample app to test it. This is too much just for a test, isn't it?
After more research I found that Microsoft Graph could help, but it seems that it is only for business purposes, or maybe I am wrong?
So in short, what I am trying to achieve is making an app that lets the user sign in with his Microsoft account. After successful authentication I need to get his account details so I can build him a profile in the app. And I want to do all of this without having to make developer or business accounts.
Hope someone could help, because the Microsoft documentation is very confusing.
Microsoft Graph does support the ability for you to sign in with a Microsoft Account, and then access the user's very basic profile and their personal consumer OneDrive and Outlook. Token acquisition is achieved through the new v2 endpoint (converged auth, that allows you to get a token for the signed in user, whether they are a consumer user through Microsoft Account or a commercial/business/school user through Azure AD).
I recommend taking a look at a couple of places. One place is https://graph.microsoft.io/en-us/docs/authorization/converged_auth and here on app registration and token acquisition: https://azure.microsoft.com/en-us/documentation/articles/active-directory-appmodel-v2-overview/ and here for get started for windows apps: https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-devquickstarts-wpf/. NOTE: This last one uses a preview/experimental client library.
Hope this helps,
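The sign-in request against the v2 endpoint mentioned in the answer above, sketched as an added example (not part of the original post and not Microsoft's library code): an authorization-code request with PKCE for a public client such as a desktop app, plus the checks to run on the redirect before exchanging the code. The client ID, the redirect URI and the scope list are assumptions chosen for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# v2.0 endpoint; tenant "common" accepts personal and work/school accounts.
AUTHORITY = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0"

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def begin_sign_in(client_id, redirect_uri, tenant="common",
                  scopes=("openid", "profile", "email", "User.Read")):
    """Build the authorize URL plus the per-attempt secrets to keep locally."""
    verifier = _b64url(secrets.token_bytes(32))  # PKCE code_verifier (RFC 7636)
    state = _b64url(secrets.token_bytes(16))     # binds the response to this attempt
    params = {
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "response_mode": "query",
        "scope": " ".join(scopes), "state": state,
        "code_challenge": _b64url(hashlib.sha256(verifier.encode()).digest()),
        "code_challenge_method": "S256",
    }
    url = AUTHORITY.format(tenant=tenant) + "/authorize?" + urlencode(params)
    session = {"client_id": client_id, "redirect_uri": redirect_uri,
               "tenant": tenant, "state": state, "code_verifier": verifier}
    return url, session

def finish_sign_in(callback_url, session):
    """Check the redirect, then return (token_url, form) for the code exchange."""
    got, want = urlparse(callback_url), urlparse(session["redirect_uri"])
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("response arrived on an unexpected redirect URI")
    query = parse_qs(got.query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), session["state"].encode()):
        raise ValueError("state mismatch: response does not belong to this sign-in")
    if "error" in query:
        raise ValueError("authorization failed: " + query["error"][0])
    if "code" not in query:
        raise ValueError("no authorization code in response")
    form = {"grant_type": "authorization_code", "client_id": session["client_id"],
            "code": query["code"][0], "redirect_uri": session["redirect_uri"],
            "code_verifier": session["code_verifier"]}
    return AUTHORITY.format(tenant=session["tenant"]) + "/token", form
```

POSTing the returned form to the token URL yields an access token; sending it as a bearer token to https://graph.microsoft.com/v1.0/me returns the signed-in user's basic profile.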
Related
I'm trying to set up authentication against Azure DevOps using MSAL. I've followed Microsoft's sample but I can't get it to work with personal Microsoft accounts. Whenever I try to log in with a personal account I get the following error:
This username may be incorrect. Make sure you typed it correctly. Otherwise, contact your admin.
In the sample I have only changed ida:Tenant to "common" and ida:ClientId to my application id. I've set up my App Registration by following the guide in the sample except for the "Supported account types" which I've set to:
All users with a work or school, or personal Microsoft account can use your application or API. This includes Office 365 subscribers.
What am I doing wrong or missing?
When configuring the application to use your app registration, you also need to find the key ado:OrganizationUrl and replace the existing value with the URL of your Azure DevOps organization. Please note: This must use HTTPS, as mentioned in "Configure the application to use your app registration".
If you have already replaced the ado:OrganizationUrl, you may try changing the Supported account types back to "Accounts in this organizational directory only" to see if it works, for troubleshooting.
I spent a little bit of time getting the samples working, and the key steps required to accomplish this are:
The Microsoft personal account needs to be added to an Azure Active Directory tenant, as MSAL uses Azure AD as a fundamental infrastructure.
https://learn.microsoft.com/en-us/answers/questions/228067/invite-or-add-personal-ms-account-to-azure-ad.html
Link the Azure AD tenant (with the Microsoft personal account) to the Azure DevOps service instance.
https://learn.microsoft.com/en-us/azure/devops/organizations/accounts/connect-organization-to-azure-ad?view=azure-devops
To complete the sample, I used my MS personal account to sign up for a free Azure account (so that I can test the Azure AD stuff), and used the same account to request a free Azure DevOps service account.
Thanks
In your question you mention:
"I'm trying to set up authentication against Azure DevOps using MSAL."
So, the goal is to let Microsoft Account users log on to some part of Azure DevOps using MSAL? I'm curious what the exact use case is, but let's assume I understand you correctly.
The first thing that comes to mind is: are those users already invited to the AzDo organization? Please read here how to do this.
Doing this will add them to the Active Directory as a guest like this:
Alternatively if you just want to invite these users to Azure, please use the invite from: https://portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserManagementMenuBlade/~/AllUsers
This site suggests this error occurs when the user doesn't have multi-factor authentication set up. You may need to have your Microsoft account set up with MFA.
Currently, when we use the Microsoft Authenticator app with a Microsoft account, they ask us to click approve or deny instead of filling in the passcode on the login website or system.
Can we apply the same experience to our website without a Microsoft account, such as an individual account or an organizational account?
I suppose if it can, Microsoft will ask us to register an API to let them upon users approve, deny.
If it cannot, are there any alternative apps or services that provide this?
PS: of course we can implement a mobile app ourselves that acts as an authenticator app
Thanks for your help
Twilio developer evangelist here.
You can achieve this effect using the Authy push notification API along with your users using the Authy application. This method can also fall back to using an in-app code or SMS-based 2FA too.
I am looking to see how I can integrate authentication to a bot using Azure AD. There is a nifty code Microsoft offered in this article about authentication with azure bot. What it does is offer a sign in option to users, they log in and authenticate by copy/pasting the 6 magic numbers back to the chat. I used AADv1 example to test it in Teams.
Here is the direct github link to the cs file where the GetTokenDialog is (line 95): github link
However I am having trouble finding a way that it automatically authenticates the user in Microsoft Teams since we use SSO within corporate network.
The picture in this link, Microsoft Teams bot picture, is from a Who bot that you can download to Teams and talk to. It basically does the authentication automatically after the user initially clicks "Allow".
Is there a way to replicate this process?
I think this can inform you.
botframework on teams channel 1:1 Authentication AAD integrated
At this time it's not possible to SSO your bot on the Teams channel, but you can compare the tenantId of your AAD.
Note of response (Adrian Solis) : Currently, there's no way to get the user's AAD token automatically-- you have to get the user to go through a login experience (as described in the documentation links you posted above) to get an AAD id or access token.
I did not find an answer for such a specific question.
I have checked:
https://graph.microsoft.io/en-us/docs
I have also found the thread below, but it was not useful:
Microsoft Graph does not work with ADFS?
I would like to know how to get ADFS and Microsoft working together in a .NET MVC app. I did not find anything for that in https://graph.microsoft.io/en-us/code-samples-and-sdks
Thanks.
Per the other thread you reference - Office365/Azure AD can be federated with ADFS (using AD Connect or Azure AD PowerShell for example). Once this is in place, an app can use AAD to sign users in (using their corporate creds), and acquire access tokens to Microsoft Graph to access the signed-in user's cloud data (after consent is provided by the user).
We also support a preview of "hybrid deployments" which allows an app to be written once against Microsoft Graph, but can access a user's Outlook data whether the user's mailbox is hosted in Office365, outlook.com (personal email) or in an on-premises Exchange mailbox.
If this is the information you are looking for, please update your question to be more specific about your scenario, so that we can provide more help.
I want to fetch my users' Gmail profile details like phone, time zone, city, contacts, emails, chats and everything else.
Is it possible to do it with OAuth or should I use something else?
And please guide me on how to use OAuth or your suggested library.
It is possible, but you have a slight confusion regarding the use of OAuth.
First, OAuth is an authentication protocol which some of Google's APIs support. It is used to verify credentials in a safer and departmentalized way. Meaning that the user can grant limited access to a third party application. The application access can be limited to one or more services.
Note that not all Google APIs support OAuth authentication.
You can read more about Google-OAuth here:
https://developers.google.com/accounts/docs/OAuth2
Second, to access the information you want you probably need to use the Admin SDK, which includes the Email Audit API:
The Google Apps Email Audit API allows Google Apps administrators to audit a user's email, email drafts, and archived chats. In addition, a domain administrator can retrieve account login information and download a user's mailbox.
This excerpt is from here, where you can read more about this API:
https://developers.google.com/admin-sdk/email-audit/#accessing_account_information
I did not use it myself, but as I understand it, the Admin SDK gives you access to most if not all the information you need. So in case you need to access more information, just look for other Google APIs. Here is a list of Google APIs where you can start looking: https://developers.google.com/apis-explorer/