This repository has been archived by the owner on Apr 18, 2023. It is now read-only.

Logging into German-hosted OneDrive servers fails #11

Open
Alex-C-Eltima opened this issue Nov 9, 2017 · 2 comments

@Alex-C-Eltima

Could you please assist or clarify? It seems your auth adapter works only with US-hosted OneDrive servers (office.com). One of our German users has an account under the portal.office.de server, hosted by T-Systems in a German data center. And it looks like authentication is searching for his credentials on US servers when he tries to log in from Germany.

Asked this question in msgraph-sdk-ios; they forwarded me here.

@tobihagemann

Having the same issue here. Would be great to know how to fix this.

@tobihagemann

Just wanted to share some information regarding this issue even though I haven't found a working solution yet. Apparently, "Microsoft Cloud Germany" uses different endpoints: https://developer.microsoft.com/en-us/graph/docs/concepts/deployments

I believe that changing the Microsoft Graph endpoint to https://graph.microsoft.de isn't too hard and should work without bigger changes. E.g., it can be done like this:

```objc
MSGraphClientConfiguration *configuration = [MSGraphClientConfiguration defaultConfiguration];
configuration.apiEndpoint = [NSString stringWithFormat:@"%@/%@", @"https://graph.microsoft.de", MSGraphApiVersion];
```

It would be more elegant if that's handled by the library itself but at least we have the option to do it externally.

However, I didn't have much success getting the Azure AD endpoints for authentication to work. The documentation I've linked mentions that Azure AD also has a different endpoint: https://login.microsoftonline.de

But there is more:

  • The authorization common endpoint is https://login.microsoftonline.de/common/oauth2/authorize.
  • The token common endpoint is https://login.microsoftonline.de/common/oauth2/token.

[...]

Note: The Azure AD v2.0 authorization and token endpoints are available on the global service only; they are not yet supported for use with national cloud deployments.

Sooo, I guess this library wouldn't work with these older endpoints. At least, I'm getting HTTP error 400 with AADSTS50001: Resource identifier is not provided. No idea what it actually means but I guess it's just the wrong protocol because this library follows the one for the newer endpoints.

Is there any library that conforms to MSAuthenticationProvider but follows the protocol of the older Azure AD endpoints? Or is there an easy way to modify this library to achieve the same result?

This is what I've configured if anyone is interested. Obviously, this setup is just temporary for quick experiments:

```objc
NXOAuth2AuthenticationProvider *provider = [[NXOAuth2AuthenticationProvider alloc] init];
[provider setClientId:@"..." scopes:@[@"..."]];
provider.authorizationURL = @"https://login.microsoftonline.de/common/oauth2/authorize";
provider.tokenURL = @"https://login.microsoftonline.de/common/oauth2/token";

MSGraphClientConfiguration *configuration = [MSGraphClientConfiguration defaultConfiguration];
configuration.authenticationProvider = provider;
configuration.apiEndpoint = [NSString stringWithFormat:@"%@/%@", @"https://graph.microsoft.de", MSGraphApiVersion];
```
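Added example, not part of the thread and not code from this library: the Azure AD v1.0 endpoints quoted above identify the target API with a `resource` request parameter where the v2.0 endpoints use `scope`, so a v1.0 authorization request carries it explicitly. The sketch uses Foundation only; the helper names, the client ID and redirect URI placeholders, the use of the Graph endpoint as the `resource` value, and the top-level-domain comparison as a same-cloud check are assumptions.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper: YES only if every endpoint is HTTPS and all hosts share
// one top-level domain, so a code or token is never sent to a different cloud.
// Comparing TLDs is a simplification chosen for this example.
static BOOL EndpointsShareCloud(NSArray<NSString *> *endpoints) {
    NSString *tld = nil;
    for (NSString *endpoint in endpoints) {
        NSURLComponents *c = [NSURLComponents componentsWithString:endpoint];
        if (![c.scheme isEqualToString:@"https"] || c.host.length == 0) return NO;
        NSString *suffix = c.host.pathExtension.lowercaseString;
        if (tld != nil && ![tld isEqualToString:suffix]) return NO;
        tld = suffix;
    }
    return tld != nil;
}

// Hypothetical helper: builds a v1.0 authorization-code request URL. Note the
// `resource` query item; no `scope` item is sent to the v1.0 endpoint.
static NSURL *V1AuthorizeURL(NSString *authorizeEndpoint, NSString *clientId,
                             NSString *redirectURI, NSString *resource,
                             NSString *state) {
    NSURLComponents *c = [NSURLComponents componentsWithString:authorizeEndpoint];
    c.queryItems = @[
        [NSURLQueryItem queryItemWithName:@"response_type" value:@"code"],
        [NSURLQueryItem queryItemWithName:@"client_id" value:clientId],
        [NSURLQueryItem queryItemWithName:@"redirect_uri" value:redirectURI],
        [NSURLQueryItem queryItemWithName:@"resource" value:resource],
        [NSURLQueryItem queryItemWithName:@"state" value:state], // CSRF binding
    ];
    return c.URL;
}

int main(void) {
    @autoreleasepool {
        // Endpoints as given in the thread (Microsoft Cloud Germany).
        NSString *authorize = @"https://login.microsoftonline.de/common/oauth2/authorize";
        NSString *token = @"https://login.microsoftonline.de/common/oauth2/token";
        NSString *graph = @"https://graph.microsoft.de";
        if (!EndpointsShareCloud(@[authorize, token, graph])) {
            NSLog(@"Refusing to authenticate: endpoints span different clouds");
            return 1;
        }
        // Placeholder client ID and redirect URI; a fresh random state per request.
        NSURL *url = V1AuthorizeURL(authorize, @"CLIENT_ID_PLACEHOLDER",
                                    @"myapp://auth", graph, [NSUUID UUID].UUIDString);
        NSLog(@"%@", url.absoluteString);
    }
    return 0;
}
```

The v1.0 token request takes the same `resource` value when the authorization code is redeemed.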
