This guide demonstrates how to configure a sample Android mobile application to sign in users, and call an ASP.NET Core web API using Microsoft Entra for customers.

| File/folder | Description |
|---|---|
| `/app/src/main/res/raw/auth_config_ciam.json` | Configuration file. |
| `.gitignore` | Define what to ignore at commit time. |
| `README.md` | This README file. |
| `LICENSE` | The license for the sample. |

- Microsoft Entra External ID for customers tenant. If you don't already have one, sign up for a free trial.
- An API registration that exposes at least one scope (delegated permissions) and one app role (application permission) such as ToDoList.Read. If you haven't already, follow the instructions in *Call an API in a sample Android mobile app* to have a functional protected ASP.NET Core web API. Make sure you complete the following steps:
  - Register a web API application
  - Configure API scopes
  - Configure app roles
  - Configure optional claims
  - Clone or download sample web API
  - Configure and run sample web API

To enable your application to authenticate users with Microsoft Entra, Microsoft Entra for customers must be made aware of the application you create. The following steps show you how to:

- Register your app in the Microsoft Entra admin center using the steps in Register an application.
- Add platform URL using the steps in Add a platform redirect URL.
- Enable public client flow using the steps in Enable public client flow.
- Grant API permissions using the steps in Delegated permission to Microsoft Graph.
- Grant web API permissions to the Android sample app using the steps in Grant web API permissions to the Android sample app.
- Clone the sample Android mobile application by following the steps outlined in Clone sample Android mobile application.
- Run and test the Android sample mobile application by following the steps in Run and test sample Android mobile application.

Open the `app/src/main/res/raw/auth_config_ciam.json` file to find the following JSON configuration:

```json
{
  "client_id" : "Enter_the_Application_Id_Here",
  "authorization_user_agent" : "DEFAULT",
  "redirect_uri" : "Enter_the_Redirect_Uri_Here",
  "account_mode" : "SINGLE",
  "broker_redirect_uri_registered": true,
  "authorities" : [
    {
      "type": "CIAM",
      "authority_url": "https://Enter_the_Tenant_Subdomain_Here.ciamlogin.com/Enter_the_Tenant_Subdomain_Here.onmicrosoft.com/"
    }
  ]
}
```

In the JSON configuration file:

- `Enter_the_Application_Id_Here` is replaced with the Application (client) ID of the app you registered during project setup.
- `Enter_the_Redirect_Uri_Here` is replaced with the value of `redirect_uri` in the Microsoft Authentication Library (MSAL) configuration file you downloaded earlier when you added the platform redirect URL.
- `Enter_the_Tenant_Subdomain_Here` is replaced with the Directory (tenant) subdomain. For example, if your tenant primary domain is `contoso.onmicrosoft.com`, use `contoso`. If you don't know your tenant subdomain, learn how to read your tenant details.
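
A pre-build check for the placeholders described above, as an added example that is not part of the sample repository. It assumes the authority URL keeps the `<subdomain>.ciamlogin.com/<subdomain>.onmicrosoft.com` form shown on this page; `check_auth_config` and the sample values are constructed for illustration.

```python
import json
import re
from urllib.parse import urlparse

PLACEHOLDER = re.compile(r"Enter_the_\w+?_Here")   # unreplaced sample tokens
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
CIAM_SUFFIX = ".ciamlogin.com"

def check_auth_config(text):
    """Return a list of problems found in an auth_config_ciam.json document."""
    cfg = json.loads(text)
    problems = []
    for key in ("client_id", "redirect_uri"):
        value = str(cfg.get(key, ""))
        if not value or PLACEHOLDER.search(value):
            problems.append(f"{key}: missing or still a placeholder")
        elif key == "client_id" and not GUID.match(value):
            problems.append("client_id: not a GUID")
    authorities = cfg.get("authorities") or []
    if not authorities:
        problems.append("authorities: none configured")
    for i, authority in enumerate(authorities):
        where = f"authorities[{i}].authority_url"
        url = str(authority.get("authority_url", ""))
        if PLACEHOLDER.search(url):
            problems.append(f"{where}: still a placeholder")
            continue
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if parsed.scheme != "https":
            problems.append(f"{where}: must use https")
        # Assumption: host subdomain and tenant in the path are the same name.
        if not host.endswith(CIAM_SUFFIX):
            problems.append(f"{where}: host is not <subdomain>.ciamlogin.com")
        elif parsed.path.strip("/").lower() != host[: -len(CIAM_SUFFIX)] + ".onmicrosoft.com":
            problems.append(f"{where}: tenant in path does not match host subdomain")
    return problems

# Constructed sample: made-up client ID, an unreplaced redirect URI, and an
# authority whose path names a different tenant than its host.
SAMPLE = """{
  "client_id": "11111111-2222-3333-4444-555555555555",
  "redirect_uri": "Enter_the_Redirect_Uri_Here",
  "authorities": [{"type": "CIAM",
    "authority_url": "https://contoso.ciamlogin.com/fabrikam.onmicrosoft.com/"}]
}"""

if __name__ == "__main__":
    for problem in check_auth_config(SAMPLE):
        print(problem)
```

Run against the real file in CI, a non-empty result means the app would be built with an unconfigured or mismatched authority.
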

You use the `app/src/main/res/raw/auth_config_ciam.json` file to set configuration options when you initialize the client app in the Microsoft Authentication Library (MSAL).

To create the `PublicClientApplication` object, use the following code:

```kotlin
// Builds the single-account MSAL client from the raw JSON config resource, off the main thread.
private suspend fun initClient(): ISingleAccountPublicClientApplication = withContext(Dispatchers.IO) {
    return@withContext PublicClientApplication.createSingleAccountPublicClientApplication(
        this@MainActivity,
        R.raw.auth_config_ciam
    )
}
```

In the `initClient()` method, create an MSAL instance so that we can perform authentication logic and interact with our tenant. The `app/src/main/res/raw/auth_config_ciam.json` file is passed as a parameter, by its resource ID `R.raw.auth_config_ciam`.

- Search the GitHub issues in the repository - your problem might already have been reported or have an answer.
- Nothing similar? Open an issue that clearly explains the problem you're having running the sample app.
This project has adopted the Microsoft Open Source Code of Conduct. For more information, see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.