All geek questions in one place

Why is my Azure Mobile Service not accepting the carrier token that ADAL.js sends?

I am using ADAL.js with an implicit stream to authenticate an AngularJS application to be able to access the Azure Mobile Services API.

I set the Azure AD identity on the Identity tab of AMS (Azure Mobile Service) as follows:

Application URL: https: // <> .azure-mobile.net / login / aad

Client ID is the client ID from the application installed on Azure AD.

Valid tenant: <>. onmicrosoft.com

The header is included in the GET request: Authorization: Media eyJ0eXAiOiJKV1Qi ...

But I get a 401 response from AMS.

What am I doing wrong or missing?

UPDATE: It looks like I will need to call the AMS endpoint by passing Azure AD access_token to get the AMS token. And I get this answer:

{"code": 401, "error": "Error: authentication with" windowsazureactivedirectory "is not supported." }

So, I assume that I will need to ask for support from the service specified by https://msdn.microsoft.com/en-us/library/azure/dn283952.aspx

Maybe someday this will be supported for the back of javascript. But the more I do AMS, the more it looks like I should have a .net backend.

UPDATE 05/29

I changed my AMS to a .Net server to use the client thread. I am using the following code:

client.login('aad', { "access_token": sessionStorage['adal.idtoken'] }) .done(function (results) { alert("You are now logged in as: " + results.userId); sessionStorage.X_ZUMO_AUTH = results.mobileServiceAuthenticationToken; }, function (err) { alert("Error: " + err); });

However, I get a 401 answer.

UPDATE: Based on another SO issue, I created a second application in Azure AD for the client. I installed it to access the API application. I also updated my code to the following:

  adalService.acquireToken('<<AMS App Client ID>>') .then(function(token) { $http({ method: 'POST', url: constants.apiBaseUrl + '/login/aad', data: { "access_token" : token }, headers: { 'X-ZUMO-APPLICATION': constants.appKey } }). success(function (data, status, headers, config) { alert(data); }). error(function (data, status, headers, config) { alert(data); }); }); }

But I still get 401. I also tried it with mobile sdk, still 401.

+3
source share
3 answers

Due to another SO member who posted a blog on how to do this ...

http://blogs.if-blueprint.de/svenor/2015/06/19/authenticate-azure-mobile-service-app-adal-js/

... who pointed to the link that allowed me to solve it.

My problem was that the application URL in the AAD client application was not in a trusted domain in Azure Active Directory. I used https://mysite.azurewebsites.net .

When I changed it to a URL that was in the domain https://mydomainname.onmicrosoft.com/myappname , it just worked like magic.

0
source

It looks like you are following the right steps. Could you take a look at how on the Azure website to see if youโ€™ve lost something? Could you share the client code you use to sign in?

https://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-how-to-use-client-library/#caching

+1
source

My suspicion is that 401 is based on the fact that ADAL.JS represents an identifier token that is different in structure from the access token that Mobile Services expects. The client flow in Mobile Services was built around earlier ADAL clients for their own mobile platforms, and they have access tokens that they can provide.

One of the main things that Mobile Servicer checks for an access token is that the tokenโ€™s audience is the endpoint / login / aad, but this does not apply to identifier tokens.

Based on what I see, I do not think that ADAL.JS is supported by Mobile Services at this time. It doesn't look like you can get the access token needed for a client-oriented stream. It is best to use a server stream that sounds as if you are running.

+1
source

Source: https://habr.com/ru/post/988507/

More articles:


All Articles