I'm using Azure AD B2C to authenticate users coming from my web site authenticated by username and password, my website backend uses Azure Graph API to communicate with Azure AD B2C. I'd like to add Facebook Login on my website and I'd use Azure AD B2C to validate the Facebook token, is it possible? can I invoke Azure AD Graph API to validate Facebook token? how? I'm using Azure AD Graph API because I like to use my custom login/registration page.
Related
I want to get my to-dos from my Microsoft Todo (https://to-do.live.com) but I don't have a clue on how to get started. I searched online but did not find documentation for a REST API.
Does anyone know how to access certain Todo lists from MS Todo (formerly known as Wunderlist)? Is the Graph API the place to look? I don't have an Office 365 account.
You could use Graph API for to-do tasks
For example to list all the tasks categories :
To access tasks under a specific category :
https://graph.microsoft.com/v1.0/me/todo/lists/{id}/tasks
with the token in the request body to authorize the request.
Authorization : Bearer <Token>
To get Token
I understand you don't have any Office 365 Work accounts.
Access the below url and login
https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/RegisteredApps
Login using your personal account credentials.
Register app :
Once registration is complete, you will be getting app credentials.
Once Registration done. Grant the permissions :
App --> App Name --> API Permissions --> Graph Api
Check the below Tasks delegated permissions
You can authorize the client using the below url :
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={client_id}&scope={scope}
&response_type=token&redirect_uri={redirect_uri}
Obtain the token.
I'm creating a demo application in .NET Core 2.1, which uses Azure AD B2C to login with Facebook, all good there, however, I would like to get the facebook access token to be able to invoke facebook api, I thought it would be added to claims or at least have access to an event like OnAuthorizationCodeReceived, where you would retrieve the access tokens, though so far I see no way to do it.
Is there any way to retrieve the facebook access token through azure b2c, if not, what would be the best recommended alternative?
Thanks.
It seems it is now possible to get the Identity Provider Access Token as a claim using Azure B2C, check Pass an access token through a user flow to your application in Azure Active Directory B2C
Currently, an access token from the external identity provider (e.g. Facebook) can't be passed through Azure AD B2C to your client application, i.e. this isn't a supported scenario as yet.
The only alternative is to implement a direct federation between your client application and Facebook.
I'm trying to develop a React application that will allow users to login with their Azure AD accounts and their Facebook accounts.
The first thing is that I didn't understand about the 2 tabs "User
Pools and Federation Identities". Do I need both to get it done or
just the User Pools is enough?
My goal is just the authentications. I don't want to allow users to access any AWS service. I just want the authentication token.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth. Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Do I need both to get it done or just the User Pools is enough?
No. Userpool is more than enough if you just need authentication and do not need to use AWS services.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth.
What user data do you need to save. If you want User's profile data to be saved in Cognito, you need to use Cognito Userpool & not Federated Identities. Add Facebook directly to Userpool. Upon using Facebook login, a user is auto-created in the userpool based on all user data available in the token. See this doc on how to add Facebook to a userpool directly.
Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Depends on your use-case. If you just want to add authentication to an app, the best way would be to Add Facebook to a Userpool directly, create an app client in the userpool for your application; enable Facebook for that app client & use Cognito Userpool's built-in UI to login using Facebook. This feature (built-in UI) is called App Integration. After successful Facebook login, a valid token will be sent to your app. Do note that the token sent to your app would be from Cognito.
Client--> Userpool built-in UI --> Redirect to Facebook --> Login using username +password --> Facebook sends its token to Cognito ( https://your-user-pool-domain/oauth2/idpresponse)-->Userpool vends its own token & redirects to the URL mentioned in the redirect_uri.
I'm developing a Web API that needs create, read, update and delete privileges on OneDrive for Business sites using REST.
So far my understanding is that an Azure Application will need to be registered within Azure for this
WebAPI.
Once registered the Application will have a client ID and secret key that can be used as part of OAuth. Also within Azure it can also be given the permission to call the SharePoint 365 API. (Provided the authenticated user is also authorized).
MSDN has code examples in which using the Application client ID within OAuth the client gets redirected to a login page for authentication. Once they enter in their username and password they are redirected back to the web application.
http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx
As I am developing a web API I do not want any redirects to login pages. Instead I would like to automatically authenticate using a service account. (Which will have appropriate permissions within the OneDrive for Business site).
Does anyone know how this can be done or point me in the direction of some code samples?
Thanks
Service to Service (app only) grants aren't possible today for SharePoint with AzureAD OAuth. We only allow app + user grants.
This is on our radar - please stay tuned.
I am using Windows Azure Mobile Services to log in using facebook. Once the user logs in I have the token but when I try to use this token with the facebook client I get a bad signature exeption.
Isnt it supposed to be the same token?
How are you getting the FB token? The token you receive from the mobile services client is the Azure Mobile Services token, and you can't use it with FB. To get the FB access token, you need to get it via a server script (with the user.getIdentities() function), as shown at http://blogs.msdn.com/b/carlosfigueira/archive/2012/10/25/getting-user-information-on-azure-mobile-services.aspx.
Another alternative is to use the Facebook SDK directly, which will give you a FB token (and you can then use that token to log in to Azure Mobile Services directly. The post at http://ntotten.com/2013/03/14/using-windows-azure-mobile-services-with-the-facebook-sdk-for-windows-phone/ has some information on how this can be done.