All geek questions in one place

AppAuth with Azure AD B2C

I set up the B2C service in Azure AD and enabled Google as an authentication provider only to find that Google denies authentication requests through the built-in web view. Then I found AppAuth, but I have a lot of difficulties in working with a sample iOS application.

The problem I am facing is related to uri redirection. Using AAD when redirecting uri for native applications results in an error in Safari Mobile. I tried to add a custom redirect urid that would be redirected to my iOS application, but could not, because it did not pass the verification in the configuration of the azure advertisement because it was not in the https URL scheme.

Can I use AppAuth with Azure AD B2C? Is there a way to configure this correctly or is a change required on the MS side?

EDIT

I have setup and running Azure AD B2C, including a Google account. This works as expected in a web browser, however, when I try to login to Google from iOS using the built-in webview, I get disallowed_useragent . Studying this, I came across the AppAuth library, which, in my opinion, is a safe choice solution, except that it does not work with B2C due to redirection problems, or at least I did not find a way to do this work.

I expect that I will need to provide a B2C redirect URL that is unique to my iOS application so that the SFSafariViewController can redirect back to my application. Using a web configuration in B2C seems to be the right approach, but it requires using https instead of a user scheme.

Is there a way to configure B2C for a custom redirect URI?

+6
source share
2 answers

I am a leading AppAuth developer.

Since Microsoft is currently restricting the URI to https redirect scheme, you have two options in iOS:

  • Configure Universal Link for your application so that it registers with the OS to process requests for a particular https domain.This is the safest option, since it prevents other applications on the device from trying to register the same link. However, this option is only available on iOS 9+.

  • Create an intermediate page that displays the authorization response options and then forwards them to your custom schema URI. I support the demo version of Android, which includes integration with Microsoft, here . The reseller page, unfortunately, requires an additional click from the user.

+1
source

Azure AD B2C supports web applications, mobile applications such as iOS and Android, and native applications.

To integrate Google accounts with Azure AD B2C, you need to go to the Google Developers Console to create the application. And then set up Google as an identity provider in Azure AD B2C. For more information see the following link.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-setup-goog-app

Then you need to register the application with the Azure AD B2C tenant. If the application is a mobile or native application, such as iOS, you can select it as your own client with the specified redirect URI for configuration. You can refer to the link below to register the application.

enter image description here

To enable login to the application, you also need to create a login policy. This policy describes the experience that consumers will experience during sign-in and the content of tokens that the app will receive upon successful sign-in. See the link below for more information.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-reference-policies

By the way, you can also refer to the following link for an example of creating an iOS application.

https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-ios

0
source

Source: https://habr.com/ru/post/1013686/

More articles:


All Articles