Added support for access tokens for use with implicit auth flow against AAD and Office365 #26

Merged
merged 4 commits into from
Mar 1, 2017


Chipzter
Contributor

@Chipzter Chipzter commented Mar 1, 2017

This way the developer can specify "token" as response_type in the AdalConfig object. To get an access token to Office365 one also needs to add a "resource=http://company.sharepoint.com" parameter using the extraQueryParameter property. Since the returned access token returns everything that's being parsed by the userDecoder, I'm using the idToken by default with accessToken as a fallback.

@HNeukermans
Owner

wow impressive commit !!
I was waiting for a commit like that. Thanks a 1000 times.

I would very much like to document support for access token.

To be able to do that I would like you to document the 'data'.

For that I would like you to add your data to the a.production.xxxx classes and have them exported as consts.

inside 'a.production.adal.config.ts' 2 things:

  1. can you add the adalconfig you are using to get access token back from AAD and export it as.
    ATenantConfig_AccessToken,
    the same for
  2. ATenantUrl_AccessToken. This must equal the value adal.ts sends out to AAD to acquire an access token. You can find it in the browser address bar, I guess.

Also inside a.production.aad.response.ts 2 things

  1. export const AadProductionTokenSample_AccessToken
  2. export const AadProductionRedirectHash_AccessToken = '#/access_token=' + xxSample_AccessToken;
    Document what you get back as a redirect URL please. Does the redirect start with id_token or access_token?

Robert Friden added 2 commits March 1, 2017 14:47
@Chipzter
Contributor Author

Chipzter commented Mar 1, 2017

Thanks. :)

I've added the consts you requested now. Please have a look and check if it looks ok.

The ATenantConfig_AccessToken uses a SharePoint resource as an example, but could be any AAD resource, like Microsoft Graph, etc. Also, in order for implicit authentication to work with an AAD Client ID, you need to edit the app manifest in AAD to allow this ("oauth2AllowImplicitFlow": true). Of course, you also need to assign the appropriate permissions to the app, in my case, I've assigned the permission "read items in all site collections" on the "Office 365 SharePoint Online" app.

@HNeukermans HNeukermans merged commit 261ac90 into HNeukermans:master Mar 1, 2017
@HNeukermans
Owner

HNeukermans commented Mar 1, 2017

thx very much. I got it published to npm.

@evnexus

evnexus commented Nov 27, 2017

Hi @Chipzter and @HNeukermans,

Sorry I'm kind of new to all of this. I was able to retrieve an ID Token with this code:

  getToken() {
    const context = Authentication.getContext(this.createConfig());
    return context.getToken();
  }

  private createConfig(): AdalConfig {
    const config: AdalConfig = {
      clientId: 'MY_CLIENT_ID',
      tenant: 'MY_TENANT_ID',
      redirectUri: 'http://localhost:4200',
      postLogoutRedirectUrl: window.location.origin,
      responseType: '',
      extraQueryParameter: '',
      resource: ''
    };
    return config;
  }

However, if I understood well in order to get an access token I'd be needing to do that to my AdalConfig?

  private createConfigAccessToken(): AdalConfig {
    const config: AdalConfig = {
      clientId: 'MY_CLIENT_ID',
      tenant: 'MY_TENANT_ID',
      redirectUri: 'http://localhost:4200',
      postLogoutRedirectUrl: window.location.origin,
      responseType: 'token',
      extraQueryParameter: 'http://mycompany.sharepoint.com',
      resource: '',
    };
    return config;
  }

But I still get an id token. Could you kindly give me some instructions, please? For now all I want to do is to get an access token and use fiddler to query Graph: https://graph.microsoft.com/v1.0/me, that's all.

Thanks so much.

@evnexus

evnexus commented Nov 28, 2017

Hi, disregard my last message. I've found out the solution. THANK YOU so much @Chipzter, the access token is crucial for my business application.

As you mentioned, I had to:

  1. Edit the app manifest in AAD to allow this ("oauth2AllowImplicitFlow": true)
  2. In my case, I've changed the Required Permissions on AAD "read items in all site collections" on Microsoft Graph
  3. Changed AdalConfig configuration to:
  private createConfig(): AdalConfig {
    const config: AdalConfig = {
      clientId: 'MY-CLIENT-ID',
      tenant: 'MY-TENANT-ID',
      redirectUri: 'http://localhost:4200',
      postLogoutRedirectUrl: window.location.origin,
      resource: '',
      responseType: 'token',
      extraQueryParameter: 'resource=https://graph.microsoft.com',
    };
    return config;
  }
}

@Taewa

Taewa commented Jul 26, 2018

Hi @evnexus
extraQueryParameter is the one that adds a parameter on redirectUri?
So if I understood correctly, it'd be http://localhost:4200?resource=https://graph.microsoft.com ?
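
The request and the redirect this thread discusses, as an added example (not code from the PR or from adal-ts): it builds the authorize URL from an AdalConfig-shaped object, reports which resource that URL asks for, and classifies the redirect fragment. The endpoint path, the `id_token` default and the helper names are assumptions; the sample values are constructed.

```javascript
// Added example, not adal-ts code. The AAD v1 authorize endpoint and the
// default response_type are assumptions; all values are constructed.
const AUTHORIZE = 'https://login.microsoftonline.com/{tenant}/oauth2/authorize';

// Build the request the browser is sent to AAD with, from an AdalConfig-shaped object.
function buildAuthorizeUrl(config, state, nonce) {
  const params = new URLSearchParams({
    response_type: config.responseType || 'id_token',
    client_id: config.clientId,
    redirect_uri: config.redirectUri,
    state,
    nonce,
  });
  let url = AUTHORIZE.replace('{tenant}', encodeURIComponent(config.tenant)) + '?' + params;
  // Assumption: extraQueryParameter is appended verbatim to this request,
  // so it has to be in key=value form already.
  if (config.extraQueryParameter) url += '&' + config.extraQueryParameter;
  return url;
}

// Which resource (token audience) does the request actually ask AAD for?
function requestedResource(authorizeUrl) {
  return new URL(authorizeUrl).searchParams.get('resource');
}

// Classify the fragment on the redirect URI; accept it only with the state we sent.
function parseRedirectHash(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#\/?/, ''));
  if (params.has('error')) return { kind: 'error', detail: params.get('error') };
  if (params.get('state') !== expectedState) return { kind: 'rejected', detail: 'state mismatch' };
  for (const kind of ['access_token', 'id_token']) {
    if (params.has(kind)) return { kind, detail: params.get(kind) };
  }
  return { kind: 'rejected', detail: 'no token in fragment' };
}

// Constructed configs mirroring the two extraQueryParameter values in the thread.
const base = { clientId: 'MY-CLIENT-ID', tenant: 'MY-TENANT-ID',
  redirectUri: 'http://localhost:4200', responseType: 'token' };
const withPrefix = { ...base, extraQueryParameter: 'resource=https://graph.microsoft.com' };
const bareUrl = { ...base, extraQueryParameter: 'http://mycompany.sharepoint.com' };

console.log(requestedResource(buildAuthorizeUrl(withPrefix, 's1', 'n1')));
console.log(requestedResource(buildAuthorizeUrl(bareUrl, 's1', 'n1')));
console.log(parseRedirectHash('#/access_token=CONSTRUCTED&state=s1', 's1').kind);
```

In this sketch the `resource` value travels on the request to the authorize endpoint, while `redirect_uri` stays `http://localhost:4200`; a value without the `resource=` prefix leaves the request with no resource at all.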


4 participants