msal

B2B users cannot sign in to Tenant using v2.0 endpoint & MSAL Auth flow

不想你离开。 submitted on 2021-02-20 18:54:11
Question: I am trying to create a B2B Management portal. I've started off with this sample since it uses MSAL and Graph API. user@live.se is in the tenant. It's been invited as a "guest user", i.e. a B2B user. However, signing in with user@live.se does not work even though it's been added to the tenant. Following error after sign-in: AADSTS50020: User account 'user@live.se' from external identity provider 'live.com' is not supported for api version '2.0'. Microsoft account pass-thru users and guests are

msal in React SPA - use access token received from AcquireTokenRedirect

大憨熊 submitted on 2021-02-19 08:04:21
Question: I have a React SPA and I'm using msal to authenticate Microsoft users using loginRedirect. After the login, I'm acquiring an access token silently using acquireTokenSilent to call a web API. When acquiring the access token fails and interaction is required, I'm using acquireTokenRedirect. When I use acquireTokenRedirect, what I see is: 1. The user is redirected to login.microsoftonline.com. 2. A 302 response is returned with a Location header that contains the redirect URL + the access token. 3

MSAL AD token not valid with SharePoint Online CSOM

大兔子大兔子 submitted on 2021-02-19 02:37:20
Question: I am able to retrieve and use an access token via MSAL in a desktop .NET project. I can successfully retrieve tokens and they are valid in my Graph calls. However, trying to use the access token with SharePoint Online CSOM results in a 401: Unauthorized. This is similar to accessing sharepoint REST apis using msal throws 401 (except I am using C# and the latest CSOM). It is my understanding that MSFT is trying to move devs away from ADAL and towards MSAL, but there seems to be some

Get delegate permission in MSAL for EWS without PublicClientApplicationBuilder and AcquireTokenInteractive

限于喜欢 submitted on 2021-02-17 05:14:09
Question: In EWS OAuth flow we can get delegate permissions by following:

    var pcaOptions = new PublicClientApplicationOptions
    {
        ClientId = ConfigurationManager.AppSettings["appId"],
        TenantId = ConfigurationManager.AppSettings["tenantId"]
    };
    var pca = PublicClientApplicationBuilder
        .CreateWithApplicationOptions(pcaOptions).Build();
    // The permission scope required for EWS access
    var ewsScopes = new string[] { "https://outlook.office.com/EWS.AccessAsUser.All" };
    // Make the interactive token request
    var

Reuse access token from MSAL in web view

為{幸葍}努か submitted on 2021-02-17 03:25:09
Question: In my iOS app I'm currently authenticating through the MSAL iOS SDK and it's working fine. Somewhere in the app I'm also required to show a website (opened via UIWebView) that also requires the same Azure AD authentication. Since I'm already authenticated through the SDK and have an access token, is there any way to bypass the authentication process in the web view?
Answer 1: You can use one of the following for cookie sharing: 1. ASWebAuthenticationSession in MSAL + open URL in Safari browser MSAL

AZURE AD B2C The browser page is mis-rendered in Embedded Webviews with MSAL.net web (new version userflow (Recommended))

▼魔方 西西 submitted on 2021-02-17 01:56:07
Question: As the Microsoft official said, the UWP can't use system web with AAD B2C, it has to use Embedded Webviews. But when I use MSAL.net, it often mis-renders the page, as in the image below (sometimes the page may render correctly). And I can run the user flow and it renders correctly with my system Chrome web browser. The UWP Embedded Webviews is on the old Edge core (maybe this is the reason?). What can I do? Can Microsoft solve the matter?
Answer 1: B2C is supported in UWP. Please upgrade the application to

Does Microsoft MSAL Resource Owner Password Credentials (ROPC) Grant authorization support ClientConfidentialApplication class to acquire Token?

丶灬走出姿态 submitted on 2021-02-11 14:35:42
Question: MSAL for Python supports the ROPC flow (Resource Owner Password Credentials Grant) for token retrieval for public applications. Can we similarly use the confidential client class in MSAL for Python? The following links seem to say no --> https://github.com/AzureAD/microsoft-authentication-library-for-python/wiki/Username-Password-Authentication Also, if we can use both Public & Confidential client, which is recommended from a security standpoint? The application is a service app that runs behind