Azure-Samples/ms-identity-ciam-browser-delegated-android-sample

Sign in users and call a protected web API in sample Android (Kotlin) mobile app

Overview

This guide demonstrates how to configure a sample Android mobile application to sign in users, and call an ASP.NET Core web API using Microsoft Entra for customers.

Contents

File/folder                                    Description
/app/src/main/res/raw/auth_config_ciam.json    Configuration file.
.gitignore                                     Define what to ignore at commit time.
README.md                                      This README file.
LICENSE                                        The license for the sample.

Prerequisites

  • Android Studio.

  • Microsoft Entra External ID for customers tenant. If you don't already have one, sign up for a free trial.

  • An API registration that exposes at least one scope (delegated permissions) and one app role (application permission) such as ToDoList.Read. If you haven't already, follow the instructions in Call an API in a sample Android mobile app to have a functional protected ASP.NET Core web API. Make sure you complete the following steps:

    • Register a web API application
    • Configure API scopes
    • Configure app roles
    • Configure optional claims
    • Clone or download sample web API
    • Configure and run sample web API

Project setup

To enable your application to authenticate users with Microsoft Entra, Microsoft Entra for customers must be made aware of the application you create. The following steps show you how to do this:

Step 1: Register an application

Register your app in the Microsoft Entra admin center using the steps in Register an application.

Step 2: Add a platform redirect URL

Add a platform redirect URL using the steps in Add a platform redirect URL.

Step 3: Enable public client flow

Enable public client flow using the steps in Enable public client flow.

Step 4: Delegated permission to Microsoft Graph

Grant API permissions using the steps in Delegated permission to Microsoft Graph.

Step 5: Grant web API permissions to the Android sample app

Grant web API permissions to the Android sample app using the steps in Grant web API permissions to the Android sample app.

Step 6: Clone sample Android mobile application

Clone the sample Android mobile application by following the steps outlined in Clone sample Android mobile application.

Step 7: Run and test sample Android mobile application

Run and test the Android sample mobile application by following the steps in Run and test sample Android mobile application.

Key concepts

Open the app/src/main/res/raw/auth_config_ciam.json file to find the following JSON configuration:

{
  "client_id" : "Enter_the_Application_Id_Here",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "Enter_the_Redirect_Uri_Here",
  "account_mode" : "SINGLE",
  "broker_redirect_uri_registered": true,
  "authorities" : [
    {
      "type": "CIAM",
      "authority_url": "https://Enter_the_Tenant_Subdomain_Here.ciamlogin.com/Enter_the_Tenant_Subdomain_Here.onmicrosoft.com/"
    }
  ]
}

In the JSON configuration file:

  • Enter_the_Application_Id_Here is replaced with the Application (client) ID of the app you registered during project setup.
  • Enter_the_Redirect_Uri_Here is replaced with the value of redirect_uri in the Microsoft Authentication Library (MSAL) configuration file you downloaded earlier when you added the platform redirect URL.
  • Enter_the_Tenant_Subdomain_Here is replaced with the Directory (tenant) subdomain. For example, if your tenant primary domain is contoso.onmicrosoft.com, use contoso. If you don't know your tenant subdomain, learn how to read your tenant details.

You use the app/src/main/res/raw/auth_config_ciam.json file to set configuration options when you initialize the client app in the Microsoft Authentication Library (MSAL).
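A pre-build check for the configuration file described above, as an added example that is not part of the sample repository: it flags unreplaced placeholders, a client_id that is not a GUID, and an authority URL whose host and path name different tenants. The function name lint_auth_config, the constructed sample values, and the expectation that redirect_uri uses MSAL Android's msauth:// scheme are assumptions.

```python
import json
import re
import uuid
from urllib.parse import urlparse

PLACEHOLDER = re.compile(r"Enter_the_\w+_Here")


def lint_auth_config(text):
    """Return a list of findings for an auth_config_ciam.json document."""
    cfg = json.loads(text)
    findings = []
    # 1. No template placeholder may survive anywhere in the file.
    for match in sorted(set(PLACEHOLDER.findall(text))):
        findings.append(f"placeholder not replaced: {match}")
    # 2. client_id must be the Application (client) ID, which is a GUID.
    try:
        uuid.UUID(str(cfg.get("client_id", "")))
    except ValueError:
        findings.append("client_id is not a GUID")
    # 3. redirect_uri: assumed to use MSAL Android's msauth:// scheme.
    if urlparse(str(cfg.get("redirect_uri", ""))).scheme != "msauth":
        findings.append("redirect_uri does not use the msauth scheme")
    # 4. Each authority must be https, on ciamlogin.com, and name the same
    #    tenant subdomain in the host and in the path (the page's URL pattern).
    for auth in cfg.get("authorities", []):
        url = urlparse(auth.get("authority_url", ""))
        host = (url.hostname or "").lower()
        tenant = url.path.strip("/").lower()
        if url.scheme != "https" or not host.endswith(".ciamlogin.com"):
            findings.append(f"authority is not https on ciamlogin.com: {host}")
        elif tenant != host[: -len(".ciamlogin.com")] + ".onmicrosoft.com":
            findings.append(f"tenant in path does not match host: {tenant}")
    return findings


# Constructed sample values (not from a real tenant or app registration).
GOOD = json.dumps({
    "client_id": "11111111-2222-3333-4444-555555555555",
    "redirect_uri": "msauth://com.example.app/c2lnbmF0dXJl",
    "authorities": [{"type": "CIAM", "authority_url":
                     "https://contoso.ciamlogin.com/contoso.onmicrosoft.com/"}],
})

if __name__ == "__main__":
    print(lint_auth_config(GOOD))
```

Run against the unmodified template, the check reports all three placeholders, so it can gate a build on the file having been filled in.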

To create the PublicClientApplication object, use the following code:

private suspend fun initClient(): ISingleAccountPublicClientApplication = withContext(Dispatchers.IO) {
    return@withContext PublicClientApplication.createSingleAccountPublicClientApplication(
        this@MainActivity,
        R.raw.auth_config_ciam
    )
}

The initClient() method creates an MSAL instance that the app uses to perform authentication logic and interact with the tenant. The app/src/main/res/raw/auth_config_ciam.json file is passed as a parameter, referenced by its resource ID R.raw.auth_config_ciam.

Reporting problems

  • Search the GitHub issues in the repository - your problem might already have been reported or have an answer.
  • Nothing similar? Open an issue that clearly explains the problem you're having running the sample app.

Contributing

This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
