Using a simple C#/WPF application and the SharePointPnPCoreOnline I can call the GetWebLoginClientContext() method which opens up a window for the user to authenticate via MFA to a given SharePoint site. From that point on I can query the SP site based on the users level of access. The convenient thing about this approach is that I don't have to register my WPF application with Azure AD, give it permissions, get a client ID, client secret, yadda yadda yadda.
Is there a library that will similarly allow me to authenticate a user via MFA so that I can access the Graph API based on their permissions without the AAD app registration requirement from a C# client application? How about a JavaScript application?
This is not possible, to access the graph api, (for a work or student account) there must be an app registration to give you permissions to those endpoints. even the "graph explorer" has a registered application.
Even with your sharepointpnpcoreonline, that likely authenticates against an app registration/service principal, its just that its microsoft trusted app registrations, so it's hiding it in the background from you. if you were to check in your azure ad enterprise applications under microsoft applications, there are various service principals for sharepoint online for example.
Long and short of it is that you need to have an app registration/service principal to access graph api endpoints. you don't necessarily need a client secret though, as that depends on your specific application and the authentication flow you choose to use in your app registration.
Related
I am trying to implement sso with firebase authentication and i am trying to use without using third party like okta and wanted to know is it any workaround with this.basically the use case like this
A client wanted to build a custom SSO solution and had already chosen Firebase, based on Google’s promise to rollout SSO support in the future. The client did not want migration to any other SSO provider like Auth0 or Identity Server, or to deal with user-password migration and potential related issues. They preferred instead to use a temporary, custom solution that would store user’s passwords in Firebase Authentication.
The client had several customer portals based on WordPress Customer Relationship Management (CRM) and an existing list of users in Firebase Authentication. Each time users visited a new portal, credentials were required, and again when users followed a link from one portal to another. It was not always obvious for users that the same credentials should be used for different portals.
By default, Firebase keeps authentication context for one domain but doesn’t provide seamless SSO integration between different domains. To provide this functionality, SoftServe determined that a new Firebase service should be implemented.
I have enabled SSO using Azure Premium AD with Google Apps, i can login to Google apps when I go to browser and click my apps however I need to get data programmatic after I login into O365. Instead of clicking my apps i need to use a programmatic snippets (ex., javascript) query some data from google apps or any configured SaaS based apps.
You can try to use adal for js to authenticate and authorize your users. You can write a initialization functionality in your client application using javascript. When the document is loaded, check whether the user is signed in, if so, call your additional APIs, if not, use adal to login.
So I can get all necessary data from my server when username and password are provided (zumoJwt token, user id and auth identity), but I still cannot get the user id property from the user object at the server side. I'm trying to set the user as follows:
Ext.azure.Authentication.setCurrentUser({id: res.id, token: res.token});
Where res.id is the user id and res.token is the server generated zumoJwt token.
So my question here is as follows: How can I set these values properly to proper place in order to authenticate to the server with my custom authentication service?
The Sencha Touch Extensions for Windows Azure are built to connect via oAuth to the Azure Mobile Services, and therefore only support the oAuth providers available from Azure (Facebook, Twitter, Google, Microsoft).
Calling Ext.azure.Authentication.setCurrentUser() literally does nothing except store those values locally in HTML5 localstorage. Those values might get added to HTTP request headers later (if useHeaderAuthentication is set to true)... but these Azure extensions for Sencha Touch aren't going to allow you to use a custom oAuth provider.
Does Azure Mobile Services even allow you to use a custom authentication service? I know the Active Directory integration is new, but the Sencha Touch extensions don't support that yet.
I have tried using the node-xmpp package and blather gem. I got the furthest with blather, but succeeded with neither.
Blather attempt:
https://github.com/adhearsion/blather/issues/119
Node-xmpp attempt:
https://github.com/astro/node-xmpp/issues/149
From the Facebook API Docs:
Authenticating with Username/Password
The DIGEST-MD5 SASL mechanism is available to support traditional XMPP
or multi-protocol IM clients that are not customized for (or even
aware of) Facebook. This mechanism requires prompting the user for his
or her password; therefore, it should only be used when necessary. In
particular, it MUST NOT be used for any client that:
Proxies the XMPP connection (the connection must be directly from the user's computer to Facebook).
Reports messages or any other information about user activity to a third party (including the client developer).
Integrates with Facebook, or has a Facebook Application ID. If your application does any of the above, you must use Facebook Platform authentication instead.
I think your application is doing one of the following, correct me if I'm wrong but based on the links you provided for your blather and node-xmpp issues I think you may be trying to violate the third criteria.
Integrates with Facebook, or has a Facebook Application ID. If your application does any of the above, you must use Facebook Platform authentication instead.
Link: https://developers.facebook.com/docs/chat/
I've been debating this with my colleagues but we have no clear solution. OAuth gurus, your wisdom is needed please!
Context:
My company "CompanyX" is exposing a set of REST APIs which are protected behind an own OAuth2 service. I have full control over the OAuth implementation.
3rd party developers use the API and OAuth to develop apps.
My company plans to develop a client-side ONLY web application for desktop and mobile browsers. Users of this app log into their account with a username/password. In the spirit of "eating our own dog food", the new web app will use the existing REST APIs and OAuth service.
Instinctively, I would have my app use the OAuth2 password grant-type.
Problem Statement:
Picture this: as a user, you press the Login button on the AppX (my app) developed by CompanyX (my company). It redirects you to a box that reads:
"AppX by CompanyX" wants to access your CompanyX data, do you allow
it?
This doesn't look right: CompanyX shouldn't have to ask the user's permission to access the data it itself manages, right? How should OAuth be used here, which OAuth grant type should be used that doesn't compromise the app secret (this is a client-only "insecure" web app) ?
Thanks
Remi