ADAL Native Libraries Should Be Updated To Support B2C #85
Comments
Managed to get Android working with Android ADAL 2.0.3-alpha on this fork. Going through all of the ADAL sources and this plugin's implementation has me thinking that ADAL isn't really meant for B2C. Is this the case? I'm currently working off of the native mobile B2C implementations for Android and iOS to convert the plugin's features
Just updated ADALiOS to 3.0.0-pre.2 and it works as expected for B2C, will have this in the patched plugin soon
Plugin version in repo master has been recently updated to use ADALiOS 2.2.2 instead of 1.x - could you please see if version 2.2.2 is enough to enable this scenario or we should bump to 3.x?
Honestly, we have never tested the plugin for the B2C case. @jospete in your fork did you have to change any plugin internal implementation/logic to make it work or did you just bump the native SDKs? I'm looking at the Android changes and see new
After reading the B2C Docs it looks like there is extra work required for B2C support other than just bumping native libraries. I'll discuss whether we plan to add B2C support w/ plugin owners.
After learning a significant amount about how this plugin works and how it interacts with the ADAL libraries, the differences between the current plugin state and what B2C requires will basically boil down to that "policy" parameter, and possibly B2C's odd OAuth2 endpoints that require a "v2.0" intermediate (/oauth2/v2.0/authorize instead of /oauth2/authorize, /v2.0/oauth2/token instead of /oauth2/token). From what I've seen so far, Android ADAL v2.0.1-alpha and ADALiOS v3.0.0-pre.2 both remedy the policy bit and, even though the endpoints they generate are different from B2C, the updated versions still end up working. I used the Native B2C Android Project, which has Android ADAL v2.0.1-alpha required by its build.gradle, and the v3.0.0-pre.2 tagged ADALiOS sample to prove out that the policy works correctly with both those versions.
To answer your question about ADALiOS 2.2.2, I pulled the sample for that tag from here and there doesn't seem to be a place to put a custom policy, so I'm afraid this won't work. I guess I'd like the libraries to be updated to add support for custom policies, and not so much to support B2C - policies seem to be the connecting factor in all of this for me. To add to this, I tried adding the policy as an extraQueryParameter "p" on plugin version 0.7.1 and 0.7.2-dev; it did not work on either. That's what led to here.
@jospete, thank you for the extra info!
Update on plugin v0.7.2-dev - I've successfully gotten my custom policy to show in the prompt using these parameters:

```js
var opts = {
  tenant: "*******.onmicrosoft.com",
  resourceUrl: "https://login.microsoftonline.com",
  redirectUrl: "https://*********.com/b2c/auth/return",
  clientId: "f6dad784-f7d3-412c-92bd-*********",
  userId: LocalStorage.get(USER_ID, null),
  // policy goes in as an extra query parameter, as discussed above
  extraParams: "p=B2C_1_sign-in-up-policy&scope=openid"
};
...
authContext.acquireTokenAsync(
  opts.resourceUrl,
  opts.clientId,
  opts.redirectUrl,
  opts.userId,
  opts.extraParams
);
```

However, I get an invalid_grant error when trying to authenticate (tested with Android):
Same issue on iOS:
@sgrebnov I think updating the libraries appropriately will fix the OAuth2 problems listed above, but as you said, the library updates will entail some fairly significant plugin changes as far as API calls and type definitions.
The current decision is to wait till the new versions of the native libs are officially released, because we can't switch to pre-released versions, and then review this work item one more time. In the meantime, it looks like passing the custom policy via a query param is the simplest way to make the B2C scenario supported.
I am not able to run this B2C sample. Also can you highlight when it will be officially supported, or any updates?
@EatonIoT If you're talking about the sample on my fork, I didn't update it to work with the patch. Try following the installation and sample usage on the patched readme for your project. B2C will probably be officially supported when Android ADAL 2.0.3-alpha and iOS ADAL 3.0.0-pre6 (and whatever the working alpha for Windows is) go into production - this seems to be a few months off though.
@jospete I am not able to run your B2C sample code. I took the ADAL cordova sample, removed "cordova-plugin-ms-adal" and added your plugin. But I am not able to redirect to the azure login page.
Hi, I am using ADAL on Android. com.microsoft.aad.adal.AuthenticationException: Refresh token is failed and prompt is not allowed
Hi,
@rifhanakram, it hasn't yet, unfortunately
@vladimir-kotikov Thanks for the update :)
Any news on when B2C support is coming?
If you have a web app hosted on Azure App Service and authentication and authorization for that app is handled via Azure B2C, and if you want your mobile app also to be authenticated and authorized via B2C, you can use the Azure App Service Auth Lib for Cordova to do this. This is a use case I came across. I used the server directed flow :). Hope this will be helpful for someone
Any news on when B2C support is coming?
Hi, is there any news about this, are you going to support B2C on the plugin soon?
I am using @jospete's patch in a POC but the token refresh does not work.
@jospete I tried using your patch for my cordova app. Everything seems to be working except that I need to send scopes to the authorization URL according to my needs, but it looks like they are hardcoded to be offline_access&openid&profile all the time and hence I am getting a duplicate scope error when I try to send scopes in extraQueryParams. Could you please let me know if there is any way that I can send my scopes to the authorization URL?
@jospete I have used your patched plugin for B2C in my cordova app, it is working fine, I am able to see the login page with the B2C login provider. But from a couple of days back I am facing an issue in two of the scenarios: 2. Facebook login in Android (not able to login)
Any news? Almost two years and no updates yet?
@matteobortolazzo Doesn't look like either of the native libraries fixed the OAuth URL issue for B2C. For reference, here's the culprit code I ran into back when this was breaking for me:
The B2C Docs state how the URL is supposed to be structured (oauth2/v2.0/authorize), but the underlying libraries don't follow this pattern. Neither of the native libraries has been touched in ~2 years so I don't see this ever getting fixed.
@jospete Do you still use your patch in your project? Does your solution support password reset?
I wrote a class that uses Cordova InAppBrowser and Angular HttpClient to do the OAuth 2.0 authorization code flow.
@matteobortolazzo That's probably the way that the B2C devs intended for everyone to implement login for cordova.
@jospete I was able to implement the B2C authentication using your library, but when I get the response the userInfo property is empty. Do you have any clue why this is happening?
Would you share your work here, so we can get some ideas on how to manage this? Also, while you say you are supporting the Cordova implementation via InAppBrowser, did you implement the flow for web?
@abcox I imagine the general usage would be:
@matteobortolazzo is this more or less what you did?
@jospete Yes, the working solution was using SafariViewController and a custom URL scheme. Do the login, redirect to yourapp://redirect, listen to handleOpenURL, get the code and request a new access token.
@jospete, @matteobortolazzo: thanks for your inputs... this is the high-level (pseudocode) that I am implementing. The difficulty is around how to implement it in a way that would have the correct page shown whether or not the user is signed in, or is coming back from a sign in/up... For example, in the case of a successful sign-in, the redirect_url string that is permitted only allows me to navigate back to the root site (in test this is localhost:8100). On successful sign-in this results in navigation to localhost:8100/null (a blank page). If I navigate back, it goes to the page that was last loaded before window.open was invoked. How to manage the navigation around the results of the window.open? The other issue is about how to successfully add a callback function to the window.open? Are there any good examples of how to implement Azure B2C in an Ionic app handling both mobile and web clients?
Hi, is there an update on this? Will there ever be support for Azure B2C on the Ionic framework? At the moment when trying to trigger my login page for the user - cordova is redirecting to a _blank page. This code however works fine in a standard Angular 6 application. When the same code is used on Ionic the popup window:
1. Either doesn't show up on web
2. When it does show up through an iOS/Android emulator, the window is blank
Any help would be really appreciated.
Also trying to implement B2C on Ionic - any updates on this team? @sambowenhughes - did you ever have any luck?
@jjgriff93 Have a look at OAuth 2.0 authorization code flow in Azure Active Directory B2C. @AndyThurgood and I got a B2C Auth tenant authenticating through an Ionic app using this method. Documentation isn't great but if you get stuck:
1. Getting a valid CODE from B2C: Post Request (Form Encoded):
2. Getting the access token:
What this will return is a valid access token to speak to your services (assuming your services are using this method of authentication).
Thanks @sambowenhughes - so you managed to get this working on a native app as well as running in the web? Did you use a library for this or code it yourself? I've managed to implement the above utilising the angular-oauth2-oic package which works in the web but haven't yet figured out how this will work in Android or iOS
Yeah so using OAuth 2.0 authorization code flow in Azure Active Directory B2C we managed to get an Ionic app authenticating against our B2C tenant on both Android and iOS. The problem we had was we wanted our users to be able to authenticate using their existing accounts through another client (Ionic app). We used a mixture of InAppBrowser and Cordova Advanced HTTP to get the valid access token for our services. Our code looked something like this:
If the login is successful we pass the code over to 'getAccessToken(code)' which makes a second call to Azure to return a valid access token:
100% not the nicest approach but we hit a lot of walls when going about this.
@sambowenhughes: that's great. Is there any repo you can share with the full ionic/spa solution? I'm struggling to find documentation and a concrete example step by step of how to make it work. Thanks a lot.
Issue Description
I'm using this plugin in an Ionic app to authenticate with Azure AD B2C, but after much trial and error, documented by this stackoverflow post, I've come to the conclusion that the hardcoded OAuth2 extension "oauth2/authorize" in this file (and most likely the other OAuth2 native implementations as well) is breaking the B2C endpoint requirement of "oauth2/v2.0/authorize" specified in the B2C Docs.
Would it be possible to add a "b2c" attribute to the AuthenticationContext definition so the resulting AuthenticationRequest object will know to use the appropriate endpoints?
Repro Environment Details