Support for tenanted endpoint in Graph explorer. #568
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Currently to go a tenant in Graph Explorer, we need to create a local account in tenant. After this change a tenantId queryString parameter can be passed and then all login requests will go to that tenant. sample request https://developer.microsoft.com/en-us/graph/graph-explorer?tenantId=abc.onmicrosoft.com if no tenantId is specified, the request goes to common endpoint. Tested the redirection is happening correctly.
thewahome
approved these changes
Jun 2, 2020
|
@agrabhi Can you explain what scenarios this enables? Is it just for enabling logging into a tenant as a guest user? |
|
@darrelmiller - yes. Its a huge pain point for everyone I know inside MSFT. So I would not say 'just' :). |
|
@agrabhi Usually the process is to open an issue to identify the problem and discuss with the team how that feature might be implemented. Using query parameters as a way to expose public features is probably not the ideal solution. We have also been discussing how to address the needs of being able to sign into the B2B tenants and provide access to sovereign clouds. It would be nice to have a single feature that addresses all of these needs. /cc @ddyett @bettirosengugi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Overview
Currently to go a tenant in Graph Explorer, we need to create a local account in tenant. After this change a
tenantqueryString parameter can be passed and then all idtoken and access token requests will go to that tenant.Tenant parameter can be guid or the domain name for the tenant.
sample request
https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=abc.onmicrosoft.com
if no tenant is specified, the request goes to common endpoint.
RedirectUri notes
MSAL.JS documentation says that default redirect uri is window.location.href but taking a look at
this and this shows that its not complete location but only host part of it.
So I had to modify the change which specifies the redirect url explicitly since the auth requests fail because of that. the redirect uri will come from MSAL like function now. This change was made by @thewahome in #551
Test cases
Testing Instructions
If tenant is specified, user can login to their desired tenant
https://developer.microsoft.com/en-us/graph/graph-explorer?tenant=abc.onmicrosoft.com