azure-active-directory | Azure Active Directory OAuth 2.0 flow | Azure library
kandi X-RAY | azure-active-directory Summary
An implementation of the Azure Active Directory OAuth 2.0 flow.
Community Discussions
Trending Discussions on azure-active-directory
QUESTION
I have a spring boot application integrated with Azure AD SAML login. I have followed this sample to achieve this. It works fine in localhost but on deployment to a prod url, it keeps giving below error
the redirect uri that I see in the authorization request URL starts with http. This is contradictory because Azure App Registration does not allow to configure any non https URLs and only exception is localhost.
In order to match URLs, I tried editing App Registration's manifest in Azure portal to make it http. Now, it seems URLs match but then I get below error:
I have also tried setting https URL both on azure portal and application.properties using "azure.activedirectory.redirect-uri-template" as mentioned in stack overflow post here but that also does not work.
I have also gone through this post but that also didn't help.
Any help would be much appreciated.
...ANSWER
Answered 2021-May-19 at 11:55
In order to solve the error of redirecting to https but the redirect_uri in request still starts with http, there are two similar issues:
1. The HTTPS requests terminate at the proxy and the proxy then uses HTTP protocol to communicate to your Tomcat server. You will face this if you deploy your code on cloud providers like App Service. Answer is here.
In application.properties:
QUESTION
I receive the following error:
...ANSWER
Answered 2021-May-06 at 10:04
Your code looks correct. But as the error shows "nested exception is java.lang.IllegalStateException: Client id must not be empty.", you need to check the application.properties again and make sure it's correct.
And the sample needs three dependencies (spring-boot-starter-oauth2-client, spring-boot-starter-web, azure-spring-boot-starter-active-directory), you could try to update your pom with the newer version.
There is my code following the tutorial.
Main:
QUESTION
I've used following link https://docs.microsoft.com/en-us/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-active-directory
In this I was able to authorize, but when the page opens, instead of the HTML page I want to show, I see this:
But in controller I'm calling newhome.html:
Controller code:
...ANSWER
Answered 2021-May-10 at 09:31
By using @ResponseBody you are returning a simple String. I’m assuming you want to return a template page called “newhome” instead. Just remove the @ResponseBody and it should work
QUESTION
So I got a connection working using tedious but the options available in node-mssql for handling JSON are something really useful that I would like to have access to.
The documentation for node-mssql says you can pass an object with authentication settings that tedious would use and it will override the user/password properties but it's definitely not doing that. I can confirm because the error message comes back with the value for the user property.
Is there something wrong with the config object?
...ANSWER
Answered 2021-Apr-26 at 01:30
Here's the example using node-mssql and azure-active-directory-password (supports Azure AD from tedious@4.1.0):
QUESTION
I already read and tried this, this, and many other resources, without success.
I have a UWP app that calls an AAD-protected HTTP-triggered Azure Function. I created the two app registrations on the AAD section of the Azure portal. The API app registration specifies a scope and has an application ID URI of api://5e6b2b53-...
On the “Authentication” blade, I set https://login.microsoftonline.com/common/oauth2/nativeclient as redirect URI. I already set the same value as the redirect URI of the UWP app registration (I don’t know if it’s correct). I also set:
On the Function app registration. I also set the following redirect URI for the Function app registration, but I don’t understand if it’s required:
The UWP app registration uses the right scope I defined on the Function app registration. Both the app registrations are multi-tenant. The code I use on the UWP app to call the protected Azure Function is:
...ANSWER
Answered 2021-Apr-08 at 07:32
I've done some test and hope it could help, if I misunderstood in some place, please point it out.
First I created an HTTP trigger function, when I called GET https://xxx.azurewebsites.net/api/HttpTrigger1?name=asdfg, I would get the response like hello asdfg.
Then I followed this doc to enable authentication via azure ad. That means I create a new azure ad app, expose an api like this.
After this step, when I call the GET request, it asks me to sign in then I can get the same response. Next I created another azure ad app and add api permission of the api I exposed just now, and via this application, I can generate access token with the scope of that api, and with this access token in the Authorization request header, I can access the GET request directly.
QUESTION
I have an application that needs to connect to Azure SQL Server and is using Sequelize as the ORM. I am trying to make the solution more secure by authenticating using a service principal. I am using the module @azure/ms-rest-nodeauth to obtain an access token and passing that to Sequelize in my DB initializer. The function 'loginWithServicePrincipalSecret' gets me the access token by passing the SPN credentials.
...ANSWER
Answered 2021-Feb-24 at 02:14
Could you please try using the Silent flow with MSAL.js, which internally uses the refresh token to fetch new tokens as and when needed? acquireTokenSilent (@azure/msal-node) can perform silent renewal of tokens, which means you do not need to get the refresh token by yourself.
QUESTION
Connection works fine following this tutorial when using:
...ANSWER
Answered 2021-Mar-22 at 02:43
These auth ways apply to different scenarios, for example, if you want to use Active Directory Integrated authentication, you need to federate the on-premises AD with Azure AD via ADFS, if you want to use Active Directory Managed Identity authentication, you must run your code in an Azure service which supports MSI (need to enable MSI first), because the code essentially makes an API call to the azure instance metadata endpoint to get the access token, then use the token to auth, it is just available in the MSI-supported service.
So if you want to migrate the code from the old sdk to the new one, you need to choose the correct auth way that applies to your scenario. Here I recommend you to use the Active Directory Service Principal authentication, it can apply to any scenario, please follow the steps below.
1. Register an application with Azure AD and create a service principal.
2. Get values for signing in and create a new application secret.
3. Grant the permission to the service principal with CREATE USER [Azure_AD_Object] FROM EXTERNAL PROVIDER.
4. Then use the code here, fix the values with yours and got from step 2.
QUESTION
I am trying to connect to my Azure SQL instance using an Access Token from Azure AD. I was following this tutorial over here: https://medium.com/microsoftazure/deploying-a-dacpac-to-azure-with-azure-pipelines-and-managed-identity-89703d405e00
But something is not working right in the approach.
The first thing was to make sure my user was setup in the database via:
...ANSWER
Answered 2021-Feb-26 at 18:08
I found the issue, and my problem is more minuscule than I thought.
I found my answer in this answer: Azure SQL Grant Access for AD User using PowerShell and ServicePrincipal
What's happening is this line:
$conn.AccessToken = $(az account get-access-token --resource=https://database.windows.net/ --query accessToken)
returns an Access Token wrapped in Double Quotes
$conn.AccessToken = $(az account get-access-token --subscription $subscription --resource https://database.windows.net --query accessToken -o tsv)
That -o tsv at the end will trim the double quotes from the output.
On TediousJS the problem was that I was doing
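The quoting problem described in the answer above can be caught before the token ever reaches the driver. The following is an added example, not code from the original post: the helper names `inspectAccessToken` and `makeSampleToken` are hypothetical, the sample token is constructed, and it assumes the token's `aud` claim equals the requested resource URI.

```javascript
// Added example: local sanity check of an Azure AD access token string before
// it is passed to a SQL driver. It does NOT verify the signature; it only
// catches malformed, misdirected or expired tokens early.
const EXPECTED_AUDIENCE = "https://database.windows.net/"; // resource used in the answer

const toB64Url = (s) =>
  Buffer.from(s).toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const fromB64Url = (s) =>
  Buffer.from(s.replace(/-/g, "+").replace(/_/g, "/"), "base64").toString("utf8");
const stripSlash = (s) => String(s).replace(/\/+$/, "");

// Constructed, unsigned JWT-shaped sample (hypothetical helper, demo data only).
function makeSampleToken(claims) {
  return [toB64Url('{"alg":"none","typ":"JWT"}'), toB64Url(JSON.stringify(claims)), "c2ln"].join(".");
}

// Returns the cleaned token plus a list of problems found (hypothetical helper).
function inspectAccessToken(raw, nowSeconds = Math.floor(Date.now() / 1000)) {
  const problems = [];
  let token = raw.trim();
  // `--query accessToken` without `-o tsv` prints a JSON string, quotes included.
  if (token.length >= 2 && token.startsWith('"') && token.endsWith('"')) {
    problems.push("wrapped in double quotes");
    token = token.slice(1, -1);
  }
  const parts = token.split(".");
  if (parts.length !== 3 || !parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p))) {
    problems.push("not three base64url segments");
    return { token, problems, claims: null };
  }
  let claims;
  try {
    claims = JSON.parse(fromB64Url(parts[1]));
    if (claims === null || typeof claims !== "object") throw new Error("not an object");
  } catch (err) {
    problems.push("payload is not a JSON object");
    return { token, problems, claims: null };
  }
  // Compare audiences ignoring a trailing slash; the page shows both spellings.
  if (stripSlash(claims.aud) !== stripSlash(EXPECTED_AUDIENCE)) {
    problems.push("unexpected audience: " + claims.aud);
  }
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) {
    problems.push("expired or missing exp");
  }
  return { token, problems, claims };
}

const sample = makeSampleToken({ aud: "https://database.windows.net/", exp: 2000000000 });
console.log(inspectAccessToken(`"${sample}"`, 1700000000).problems);
```

An empty `problems` array means only that the string is well formed and aimed at the database resource; the server still performs the real validation.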
QUESTION
I am trying to create azure ad groups, create a devops project and grant the azure ad groups permissions. Though I have found that the azure ad groups does not sync instantly (see https://developercommunity.visualstudio.com/idea/712605/allow-manual-force-sync-azure-active-directory-to.html)
...ANSWER
Answered 2021-Feb-18 at 09:10
I tested and got the same result. It seems that the AAD group can only be retrieved by get ADO groups API after it is searched in ADO portal.
I saw you were trying adding the AAD groups to ADO groups via ADO rest api. You can use Groups - Create rest api as workaround. There is no need to get the aad group's descriptor first. You can use the Object Id of the AAD group directly.
POST:
QUESTION
I have only recently been tasked with writing some Business-type web applications, in the past many years I had mostly been working on SQL, services, and other non-client project -- so much of this is all new to me. I have had good success picking up and being productive with hosted Blazor WebAssembly. I need to work through how to secure a WebAssembly, so Google led me to:
While I was not very familiar with the Azure portal, the reference seemed quite detailed and I thought this would be straightforward. I tried walking through the steps to Register a server API app in an existing tenant:
- Azure Active Directory > App Registrations, New Registrations -- check
- Provide Name for the App -- check
- Choose supported account types (accounts in this organizational directory) -- check
- Leave Redirect URI options to web and don't specify a redirect URI -- check
- Clear Permissions > Grant admin consent to openid and offline_access - NOPE, no option on this screen for this, I wonder if that setting has moved or if somehow I don't have the permissions to see it.
- Having no other choice to proceed, I select Register.
During a quick look, I could not find anything about openid and offline_access. Is it right under my nose, or no longer needed, is the documentation out of date, or is there an easier approach? I didn't proceed further, other than to tinker, to the client app registration as I felt the server registration was not valid. Are there any other bumps in the road on the client application registration as well?
Just for perspective, right now, I am content to just force a login verified against AAD.
Thanks for any help!
...ANSWER
Answered 2021-Feb-01 at 01:57
You are correct. There is no Permissions > Grant admin consent to openid and offline_access under normal AAD | App registrations.
But it indeed has this part under Azure AD B2C.
So I guess the document is not updated to synchronize with the Azure portal.
Don't worry about that. You can skip the step 5. After the Azure AD app is created successfully, you can assign and consent the openid and offline_access under Microsoft Graph permissions. Please note that don't forget to click on Grant admin consent for {your tenant}.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported