Azure-Samples | sample description : How to use the Microsoft
kandi X-RAY | Azure-Samples Summary
kandi X-RAY | Azure-Samples Summary
page_type: sample description: "How to use the Microsoft Authentication Library for JavaScript (msal.js) to get an access token and call an API secured by Azure AD B2C." languages:.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of Azure-Samples
Azure-Samples Key Features
Azure-Samples Examples and Code Snippets
Community Discussions
Trending Discussions on Azure-Samples
QUESTION
I created an Azure AD B2C tenant with custom policies last year. Now I am trying to upload the same policies (with IDs changed as necessary) to a new tenant that we have just created and I get the following error when uploading the reset-password policy:
Validation failed: 1 validation error(s) found in policy "B2C_1A_PASSWORDRESET" of tenant "xxx.onmicrosoft.com".Persisted claims for technical profile "AAD-FlipMigratedFlag" in policy "B2C_1A_PasswordReset" of tenant "xxx.onmicrosoft.com" must have one of the following claims: userPrincipalName
These policies implement the Seamless Migration approach to user migration, based on samples in the following repositories:
https://github.com/Azure-Samples/active-directory-b2c-custom-policy-starterpack
https://github.com/azure-ad-b2c/samples
https://github.com/azure-ad-b2c/user-migration
As suggested by the error message, I have tried adding userPrincipalName
to the PersistedClaims
for the AAD-FlipMigratedFlag
technical profile, but I get the same error when uploading the policy.
I have also tried re-uploading the existing, working reset-password policy to the existing, working tenant, and I get the same error. Note that in this case I am re-uploading the exact same policy that has already been successfully uploaded and has been working for a year.
So the question is: what has changed and what do I need to do to fix this error?
Here are the relevant parts of my custom policy files. If there are any other parts you need to see, just let me know and I'll add them.
PasswordReset.xml
...ANSWER
Answered 2022-Feb-22 at 13:50Have yout tried to add the userPrincipalName claim to the OutputClaims section of PasswordReset.xml?
QUESTION
I am working on ASP.Net MVC classic application. This app get a access token to gain access the resource in the API. Once it get the access token then I want to store it and use it when I need it to call the API in different controller. However, I want to :
Store, retrieve and refresh and want to have understanding of AcquireTokenSilently().
We may get the token after user sign-in in Startup.cs and then it can be saved and retrieve to access API. So, it might be checked for expire token and then refresh or acquire token silently to access API resource. So whatever flow makes sense.
I have read several document for MSAL but did not get the clear picture and getting confused by AcquireTokenSilently(), Refresh(). Please see the below code where I am accessing token but I am not storing it.
...ANSWER
Answered 2022-Mar-07 at 17:57You don't store it. MSAL does. It has a token cache built in to it. This cache is application specific so that it will need to acquire a token the first time each application is run. You can also use a Broker to pull a token from the OS that is associated with the current user logged on.
QUESTION
Our SPA uses Azure B2C and MSAL (React) for user authentication. There are other requirements so we use custom policies instead of predefined user flows. But I struggle to implement Keep Me Signed In (KMSI) feature following these instructions.
- I used custom policies from the starter pack:
Phone_Email_Base.xml
andSignUpOrSignInWithPhoneOrEmail.xml
- Added
True
entry to - Updated relying party policy file with this:
ANSWER
Answered 2022-Mar-01 at 07:42When acquireTokenSilent() fails, MSAL will call ssoSilent(). This will launch a hidden iframe to try to get a token using cookie based SSO.
When this fails, a final error will come back. You must catch this error and call acquireTokenRedirect(). Now if your session setup for your technical profiles is setup properly, and a valid session cookie exists, you’ll get SSO.
https://docs.microsoft.com/en-us/azure/active-directory-b2c/custom-policy-reference-sso
If you are actually seeing a prompt for user input, your session setup is not correct for that particular techical profile. This is the real reason why ssoSilent() failed.
Your problem is not KMSI. To prove it, remove KMSI config, sign in to your app, remove the MSAL objects from the LocalStorage, force a token renewal. You’ll reproduce the issue you described, even without KMSI, and just after a few minutes of logging in.
QUESTION
I'm trying to validate a token that was provided by Azure AD inside of an AWS Lambda Function. At the moment I have a MVC Website that you can authenticate to Azure AD with, which returns a JWT Token. This JWT will be passed up to an AWS API Gateway where a Lambda Authorizer will verify it.
At first I thought the correct method was to pass the JWT back to Azure AD to verify the token. However after reading this, it appears I need to decrypt the token, and validate the issuer and audience. This lead me to this, which does successfully validate the token. However, if i change mySecret
to not match the one configured in Azure AD, it still successfully validates?
ANSWER
Answered 2022-Feb-22 at 11:34I've used something like this:
QUESTION
I really can't find any good documentation or any good samples on how to do this.
Here is my code. This is running in an Asp.net Core View.
...ANSWER
Answered 2022-Feb-17 at 18:03Here is what ended up working for me. I worked with Microsoft Support on this. locationData contains the image, longitude and latitude. The min and max of both longitude and latitude is passed in as well to set the camera boundry. The biggest issue with my original code was setting iconOptions size to 0.5. The plugin did not like that. It's now set to 1.
QUESTION
I don't do much web work but I recently began using FastAPI and am building an MVC app with jinja2 templating that uses PowerBI embedded capacity to serve multiple embedded analytics in app owns data arrangement. All of this works beautifully. However, I'm wanting to add further modules and I'd like to use the msal package to do user authentication by routing a user to the Microsoft login page, letting them sign in against a multi-tenant app service I set up in Azure, and then redirecting back to my page via redirect URI, grabbing the token, and progressing with authorization. Microsoft saved a great example our here for doing this in Flask. However, I am having fits porting the example to FastAPI.
I can get the user to the login screen and log in but I am having no luck capturing the token at my call back URI - it's appropriately routing but I am unable to capture the token from the response.
Has anyone (or can anyone) taken that super simple Flask example and ported it to FastAPI? Everything I find online for FAPI is back-end token-bearer headers for APIs - not meant for MVC apps.
Here's my current code. Messy because I have "tests" built in.
...ANSWER
Answered 2021-Dec-26 at 18:05This is because FastAPI session variables are stored client-side as a cookie, which has a limit of 4096 bytes of data. The data being stored from the redirect url is pushes the cookie size over this limit and results in the data not being stored. Starlette-session is an alternative SessionMiddleware that stores variables server-side, eliminating cookie limit. Below is a basic (but messy) implementation:
QUESTION
I am using the Azure Custom Vision service customvision.ai for data labelling. I trained my data from Azure and it can detect the objects via API or via quicktesting from the customvision.ai. I exported it to CoreML by the insturctions from Microsoft's documentation, but I couldn't make it work for ios or xcode.
There is a preview tab for coreML files on xcode. The sample models I downloaded from the internet works as expected. However, I cannot get the expected results for my model from xcode, compared to the API or quicktest via website.
How can I get it work on my ios app. I am using General (compact) [S1] domain for my model.
Progress Update:
I have found a sample code from Azure's github. It works with their model. However when I change the model and config files to my ones, it throws Bad access error somewhere.
Also I recognized the exporter versions are different and there is an extra metadata_properties.json in my version. So even if the readme from the repo states any 2.x version is supported, (mine is 2.1 but their model is 2.0) I guess that sample code doesn't support the version I exported.
Can I downgrade my model's version or are there any sample swift projects for the updated version.
...ANSWER
Answered 2021-Dec-08 at 23:41Changing the domain from General (compact) [S1] to General (compact) [S1] and feeding this new model into my project fixed everything. I don't know if this was coincidence but without replacing a single line of the code, it worked.
QUESTION
I'm following a sample for React w/ msal and AADB2C.
I want to run the reset password flow
if an user clicks "Forgot my password" in my signIn
flow. From here I saw that I need to handle this case:
ANSWER
Answered 2021-Sep-16 at 21:42You are getting the error in the console: Unhandled Rejection (TypeError): Cannot create property 'authenticationScheme' on string
You are getting this error because somewhere in your code you are using "authenticationScheme" but at the stage "authenticationScheme" object is null or undefined.
Update your code:
QUESTION
I've run into trouble getting my ASP.NET Core 5 MVC web app to run on a remote Windows 2019 server.
I've created a sample test app, with the "MS Identity" authentication scheme, which uses OpenID Connect to authenticate users against our company Azure AD.
This is my Startup.cs
for clarification:
ANSWER
Answered 2021-Sep-16 at 20:06Turns out this was due to the configuration inheritance in my IIS.
I had a first ASP.NET Core app in the "root" of the IIS site - which of course has a web.config
that looks something like this:
QUESTION
I am trying to implement functionality where I can get list of documents from share-point.I have tried this demo code from Azure directory implementation and login to account and also got details about sites and user data from graph API.
https://github.com/Azure-Samples/ms-identity-android-kotlin
I am able to get site data from graph API :
But when I am trying to get list then getting error or no value
I have also passed this authorization token to REST API but that too doesn't work.
...ANSWER
Answered 2021-Sep-06 at 10:00You can try with scope Sites.ReadWrite.All
instead of User.read
, as I tested it using Graph Explorer and I got access denied as the scope permission was not consented. After I consent the permission, it worked .
Example 1:
Before Consent:
After Constent:
I have created a test list on the Communication Site.
After that when I query for lists , I successfully get the above one I created.
Example 2 :
I also tested it using a Application registered to Azure AD. It didn't return me any error or any value as well when I queried for lists using that app's credential's from Powershell.
After I add Sites.ReadWrite.All
to the App's API permission's .
I can successfully get the Values of the lists.
To summarize it , it could be resolved in 2 ways :
- Changing the Scope shown on the screenshot given by you to
Sites.ReadWrite.All
instead ofUser.Read
.- Adding API permissions to the APP registration in the Azure AD for Microsoft Graph as shown in the example 2 second image.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install Azure-Samples
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page