I'm creating a demo application in .NET Core 2.1, which uses Azure AD B2C to login with Facebook, all good there, however, I would like to get the facebook access token to be able to invoke facebook api, I thought it would be added to claims or at least have access to an event like OnAuthorizationCodeReceived, where you would retrieve the access tokens, though so far I see no way to do it.
Is there any way to retrieve the facebook access token through azure b2c, if not, what would be the best recommended alternative?
Thanks.
It seems it is now possible to get the Identity Provider Access Token as a claim using Azure B2C, check Pass an access token through a user flow to your application in Azure Active Directory B2C
Currently, an access token from the external identity provider (e.g. Facebook) can't be passed through Azure AD B2C to your client application, i.e. this isn't a supported scenario as yet.
The only alternative is to implement a direct federation between your client application and Facebook.
Related
I have an azure mobile all that uses authentication/authorization with facebook, everything is setup and working on my mobile app, I’m able to authenticate with facebook and get an access token.
I also have a web app (ODATA) hosted in azure and also uses authentication/authorization with facebook and its also working fine if I try to access the ODATA service it redirects me to facebook to login.
According to this article (https://azure.microsoft.com/en-us/blog/announcing-app-service-authentication-authorization/) I should be able to silently or programmatically send the access token from the mobile app to the web app by sending a json with acces_token key.
The may question is how I do this, is that access token in the header or where should I write it I can find any information from it. I would really appreciate a code example or an article that can guide me to accomplish my task
The may question is how I do this, is that access token in the header or where should I write it I can find any information from it. I would really appreciate a code example or an article that can guide me to accomplish my task.
Based on my understanding, you are using Client-managed authentication for independently contacting the facebook then retrieve the access_token from facebook, then you could leverage the access_token to login with your azure mobile app backend.
Also, you have a Azure Web App uses authentication/authorization with facebook and use the same facebook App ID. Then you want to leverage the access_token in your mobile client to access your another Azure Web App. At this point, you could login with your azure web app and retrieve the authenticationToken as follows:
POST https://{your-app-name}.azurewebsites.net/.auth/login/facebook
Body {"access_token":"******"}
Then, you could leverage the authenticationToken and set it as the x-zumo-auth header when accessing your azure web app as follows:
Get https://{your-app-name}.azurewebsites.net/api/values
Header x-zumo-auth:{authenticationToken}
Additionally, you could create your custom Web API endpoints within your azure mobile app, details you could follow adrian hall's book about Custom HTTP Endpoints.
From what I understand about Oauth, a user logs in to Facebook, then Facebook provides my application with an access token that I can use to make calls to Facebook's API. Can I use that same access token to authenticate calls to my own API?
What would this look like in terms of storing and accessing user data for my own app such as personal settings and resources?
Can I use that same access token to authenticate calls to my own API?
You technically can. Token is just a random identifier that uniquely identifies a user within an application in the OAuth provider.
What would this look like in terms of storing and accessing user data for my own app such as personal settings and resources?
You need to store as much information as you need to uniquely identify a user and an application (if you support them) this token belongs to.
I'm developing a Web API that needs create, read, update and delete privileges on OneDrive for Business sites using REST.
So far my understanding is that an Azure Application will need to be registered within Azure for this
WebAPI.
Once registered the Application will have a client ID and secret key that can be used as part of OAuth. Also within Azure it can also be given the permission to call the SharePoint 365 API. (Provided the authenticated user is also authorized).
MSDN has code examples in which using the Application client ID within OAuth the client gets redirected to a login page for authentication. Once they enter in their username and password they are redirected back to the web application.
http://msdn.microsoft.com/en-us/library/azure/dn646737.aspx
As I am developing a web API I do not want any redirects to login pages. Instead I would like to automatically authenticate using a service account. (Which will have appropriate permissions within the OneDrive for Business site).
Does anyone know how this can be done or point me in the direction of some code samples?
Thanks
Service to Service (app only) grants aren't possible today for SharePoint with AzureAD OAuth. We only allow app + user grants.
This is on our radar - please stay tuned.
For this task I have already created my own facebook application to get the API key and secret key. Can anyone explain the next steps that should be done to
1) Read from facebook API
2) Write my own database
by using web services
Thanks in advance!
A high level answer:
I'm assuming you want to use the authorization code OAuth flow (this means you want Facebook users to give you access to their profiles so you can grab data from there). If so, you need to bring up a web server and an application that will run your users through the Facebook OAuth flow. In case you just want to access Facebook with your own credentials you don't have to have a web server, simply use the client credentials OAuth flow.
So, Once you have a valid access token, you simply make calls to Facebook API using this token. using Facebook Graph API is simply a matter of calling URLs and getting the data as JSON.
You can test-drive the API here.
BTW, according to Facebook's platform policy, you're only allowed to store Facebook data for caching purposes.
Let me know if this helps.
I am using Windows Azure ACS for facebook authentication in my application.
Azure by default gives 6 claims from facebook.
I need two additional claims DOB and Profile picture. How do I request these additional claims from Azure ACS?
Pls help. I can't seem to find any documentation on this!
You can't ask Azure to return more claims. What you can do is to use the claim value of "http://www.facebook.com/claims/AccessToken" which is one of the 6 claims from Azure.
Then send this accesstoken to facebook to get the other user permissions from Facebook. You can easily do this by using this tool: http://csharpsdk.org/