MSA or commercial/home account ? #26
Comments
If you have access to the Decoding these tokens yields 3 pieces of data: the header, the payload, and a signature verification field - these values are separated by a A sample {
"ver": "2.0",
"iss": "https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0",
"aud": "32613fc5-e7ac-4894-ac94-fbc39c9f3e4a",
"exp": 1471367710,
"iat": 1471281310,
"at_hash": "obWC_Q1qhqvOek-NUy9m1A",
"name": "John Doe",
"preferred_username": "john.doe@outlook.com",
"sub": "AAAAAAAAAAAAAAAAAAAAALTk-6hzK4IfrxLrVKO01Vs",
"tid": "9188040d-6c67-4c5b-b112-36a304b66dad"
} The Extra useful tools: If you're using MSGraph SDK Android MSA Auth for Android Adapter I'll have to look into how we can get access to these tokens - if need be, we can loop in @peternied |
@iambmelt thanks for the response and I'm using MSGraph SDK Android MSA Auth for Android Adapter, it would be great if the auth adapter had a callback for identifying MSA vs commercial account before we can proceed to make graph service calls. |
@nycodes9 agree with this sentiment - long term, providing users with a simple way to determine their account type and what sort of functionality they can expect once authenticated would be ideal: sadly, this likely isn't on the docket for [MSGraph SDK Android MSA Auth for Android Adapter](MSGraph SDK Android MSA Auth for Android Adapter) - per the documentation
The standard 'feel free to fork/PR' language applies here - I unfortunately can't give any forecasts as to when the identity team will release the mentioned If you're looking for more comprehensive OAuth 2 support, there are a handful of general purpose libraries out there:
The bearer token should be returned to you as the The public IGraphServiceClient buildServiceClientExample() {
// Create the authentication adapter
IAuthenticationAdapter authenticationAdapter =
new MSAAuthAndroidAdapter(mApplication) {
@Override
public String getClientId() {
return "YOUR CLIENT GUID";
}
@Override
public String[] getScopes() {
return new String[]{
// some example scopes
"User.Read.All",
"User.ReadBasic.All",
"User.ReadWrite",
"offline_access",
"openid"
};
}
};
// Create the client config using the previously initialized authentication adapter
IClientConfig clientConfig =
DefaultClientConfig
.createWithAuthenticationProvider(
authenticationAdapter
);
// Finally, construct the client to handle requests
return new GraphServiceClient
.Builder()
.fromConfig(
clientConfig
).buildClient();
} You'll want to make your authenticationAdapter.login(this, new ICallback<Void>() {
@Override
public void success(Void aVoid) {
// now you can make service calls
}
@Override
public void failure(ClientException ex) {
// something went wrong
}
}
); |
As a quick hack to get access to the @Override
public void authenticateRequest(IHttpRequest request) {
super.authenticateRequest(request);
for (HeaderOption option : request.getHeaders()) {
// iterate over the headers to find the Authorization header
// decode the token to grab whatever you need, set a flag somewhere
// to store the user-type
}
} This is not an elegant solution, however - and requires initiating a call before you really know the user type |
Thanks for all the help here, I really appreciate that. |
Is there a way to know if the signing in a/c is a MSA or home/commercial a/c before making any graph api calls ?
Logging in with a MSA account (e.g., john_doe@outlook.com) and trying to retrieve user profile along with user image
graphClient .getMe() .getPhoto() .getContent() .buildRequest() .get()
yields the following :
The text was updated successfully, but these errors were encountered: