I'm working on a windows app using pure JavaScript and try to use AAD for authentication. The issue that I'm facing is aftering calling the "login" function from adal.js which will redirect user to the login page, how shall the app receive the response assuming the user logged in successfully? The page that I'm seeing now after login is saying"This page cannot be displayed. Make sure the web address https://login.microsoftonline.com is correct." I have entered the redirectURI value in azure with the one starting with "ms-app://s-1-15-***".
I've gone through the examples from the AAD developer's guide and I don't see examples of windows app + pure JavaScript. The "Windows Universal" section has example of C# and the "JavaScript" section is for web page application.
As adal for js is designed for web application, the redirect_url parameter requires a web server host location. So the using plain javascript to integrate adal for js is not so suitable in this scenario.
You can try to follow several workarounds:
To use C# lib in your UWP application.
To use Azure Mobile Apps' Authentication feature to authenticate & authorize your users. On sever side, you can refer to https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-windows-store-dotnet-get-started-users. And on your UWP side, you can refer to https://yorkporc.wordpress.com/2014/06/07/winjs-windows-store-app-and-aad-sso-experience-i-e-save-cookies-from-microsoftonlineaad-login-pages/ for similar usage.
Any further concern, please feel free to let me know.
I finally figured out how to perform the AAD authentication in windows app using javascript. So there's the WebAuthenticationBorker from WinRT that can be utilized for the authentication through the OAuth2 endpoint.
A link here is a very helpful example.
Related
I was planning to use Facebook Social Login in my Hybrid application ( HTML5/CSS/JS and Cordova) However on going to facebook developer I could not see an option for choosing cordova based app.
So shall I consider www , i.e. Javascript based SDK for implementing facebook social login?
From security point of view, is it good choice to choose JS SDK in hybrid application?
Thanks!
Yes, you can choose www for create app for hybrid platform and you just need to set the App id into application so if someone decompile your app they just get an App Id and nothing else, other all things are saved into your developer facebook account.
So you can create your app with this www without worrying about the security of an app.
Also you can create Facebook login with the simplest use of OpenFB,
You just need to create Facebook API from Facebook Developer Account
And Pass the App ID into javascript file of facebook login function.
I am creating a JavaScript app which runs in browser of the desktop user, I need to display some data from SharePoint Online site, how do I authenticate and get display data in the App?
What kind of data did you want to display? As far as I know, we can query the data from SharePoint online using Microsoft Graph API. To use this API, we need to register the app first and in this scenario, we can register a client app(refer to here).
Then we can use the ADAL.JS to authenticate the application. For a sample demonstrating basic usage of ADAL JS please refer to this repo.
And if you were developing an SPA app, we can use the OAuth 2.0 Implicit Grant protocol to obtain an ID token (id_token) from Azure AD. The token is cached and the client attaches it to the request as the bearer token when making calls to its web API back end.
No you can't do this using JavaScript. You should use the Client Object Model (CSOM) to achieve the same.
If you want to achieve the same please refer the url
https://github.com/nickvdheuvel/O365-ADALJS-examples/blob/master/Authenticate-an-Office-365-user-with-ADAL-JS/Authenticate-an-Office-365-user-with-ADAL-JS.html
Hope this information helps you.
I am working on a MEAP (Mobile Ent. Application platform) which uses PHP on server side and javascript on client side. The web application is consumed through an appshell (hybrid app) on IOS devices. The application also stores the userid and password so user doesn't have to enter it again.
We also have a portal link (portal in SharePoint) in this application which user click and it launches the Safari which again presents login prompt to user. (windows authentication to sharepoint).
Is it possible to somehow pass the userid/password to safari so it will automatically login to sharepoint portal??
I just need to know the best approach to follow in this scenario?
According to my knowledge, the sharepoint uses NTLM authentication so I tried creating Ajax call by passing NTLM authorization header, but it doesn't work?
I used below js to create NTLM authentication.
https://github.com/erlandranvinge/ntlm.js
Since you are launching safari, you can pass it a url. Why not pass query parameters to the url and get the credentials from there?
Ofcourse, this will require a slight modification of the sharepoint side, a small javascript will do.
My current project constists of 2 components:
a WCF server application
a purely client-sided (javascript, jQuery, TypeScript etc) website which consumes the service.
When the client saves data to my database via the WCF service, I need to log who made the last modification to that data.
To do this I need the username of the account the client website's browser is running under.
Browser support needs to be:
Chrome
Firefox
IE 10/11.
I don't want to create a login form for my website, I want the user to be able to open the website and be logged on using their Windows/Citrix account.
Javascript can't get to the account username because of security concerns obviously.
Any suggestions?
I have a experimental answer for you. Not sure but posible to work correctly. I think, you can activate impersonation and basic authentication on iis. Then client(browsers) ask credentials to client. In service layer, you can enable impersonation too. but only iis impersonation may enough.
I am developing a PhoneGap application and require my users to sign in through Google with OAuth2. Is this possible directly through JavaScript? I have almost no experience with JavaScript (and jQuery).
What are the options? I have thought of a cumbersome alternative which involves posting the username/password to an application I have hosted on a server which then takes care of logging in. Then the PhoneGap app will have to ask the server if the authentication was successful. However, I was hoping there would be a simpler way.
What is the best way signing in through Google on a PhoneGap app?
I have managed to get it working! I'm posting my thoughts here because I had a hard time finding the answer after hours of searching the web.
The important steps are:
Make sure ChildBrowser works properly
Setup a function that will listen to page changes
window.plugins.childBrowser.onLocationChange = function(fooUrl) { console.log(fooUrl); }
Build the URL with the query string as described in this tutorial
Point ChildBrowser to the URL
When the user logs in, you will be able to extract the session token from fooUrl
If you still don't know how to do this, have a look at this Android app.
(There is a lot of code, and it might seem overwhelming, so I suggest only going for this as a last resort)
Google will not allow you to perform direct authentication by handling the user credentials directly. Instead Google wants you to perform an authentication protocol, typically OAuth 2.0. Other popular authentication protocols you may hear about is OpenID 1.0, 2.0, OpenID Connect, SAML 2.0, ID-FF, etc. These protocols will redirect the user to the Identity Provider (Google, in this case), and send you back with an assertion that you may use to trust the user. With APIs, like Google, you would make use of the authorization functionality of OAuth, which provides you with a token that you may use with all Google APIs after authentication.
A good introduction to how OAuth 2.0 works
With PhoneGap and mobile apps, things are a bit different than the typical OAuth setup.
In your case, the browser is in a controlled environment, your app, and you may
select to redirect the user to Google Authorization endpoint using the main view,
select to open a ChildBrowser with the Google Authorization endpoint, to not lose any state on your app.
to somehow open Safari or another browser with the authorization endpoint, and register a custom schema handler, to redirect the user back to your app after authentication.
These examples are vaguely mentioned in the OAuth 2.0 specifications, but there are no aid in what is the best or optimal in a specific use case. Often the best possible option is not perfect (from a user perspective).
I recently wrote a tutorial on how to make this work with Phonegap and ChildBrowser for iOS.
OAuth 2.0 Guide for Phonegap using ChildBrowser and JSO