First published on CloudBlogs on Sep, 09 2014
Howdy folks,

Today Azure AD reaches an important milestone. I am excited to announce that OpenID Connect and OAuth 2.0 support in Azure Active Directory reached general availability! Industry-standard protocol support is at the very heart of any Identity as a Service solution. We invested a lot of time and energy to ensure we would offer you a world-class experience end to end, from endpoint performance, manageability and compliance to the usability of our developer libraries. Here is what we are making available for you today:
- The general availability of our OpenID Connect and OAuth 2.0 support. These protocols provide a rich set of capabilities that will continue to build up to enable an ever-increasing set of use cases. This release adds:
  - Protocol support for:
    - Signing in to front end web applications
    - Mobile apps securely calling Web APIs
    - AAD authenticated service to service calls
    - Administrators granting consent for all users to use web and mobile applications
    - Individual users can consent to web and mobile applications on their behalf
    - A new JSON configuration document, following the OpenID Connect Discovery specification
    - OpenID Connect session management, providing sign out and the check session endpoint, which allows a highly performant way to check if the current user session is active
- Just a few days ago we announced on the ASP.NET team blog the GA of the new components in ASP.NET for supporting claims-based identity. The new programming model makes it super easy to use OpenID Connect with Azure AD from your ASP.NET application.
- The v2 of our Active Directory Authentication Library (ADAL) for Microsoft platforms. This new version offers numerous improvements over its already successful predecessor:
  - Support in a unified NuGet package for .NET, Windows Store (tablet/pc) and Windows Phone apps
  - Full async programming support
  - Support for new authentication flows, including Windows Integrated auth and direct username/password
  - Many overall improvements (token cache support on middle tier apps, better control over the experience, etc.)
  - Source code of the library fully available on GitHub, for you to study and contribute if you so choose!
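
A relying party can sanity-check the JSON configuration document and the session management endpoints listed above before trusting them. The following is an added example, not code from the original post or from Microsoft: the function names, the `require_session` flag and the login.example.com sample document are constructed for illustration, and the required-field list follows OpenID Connect Discovery 1.0.

```python
import json
from urllib.parse import urlsplit

# Fields that OpenID Connect Discovery 1.0 marks REQUIRED.
REQUIRED = ("issuer", "authorization_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
SESSION = ("end_session_endpoint", "check_session_iframe")  # sign out, check session
URL_FIELDS = ("authorization_endpoint", "token_endpoint", "jwks_uri") + SESSION


def is_https_url(value):
    try:
        parts = urlsplit(value if isinstance(value, str) else "")
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    return parts.scheme == "https" and bool(parts.netloc)


def validate_discovery(raw, expected_issuer, require_session=False):
    """Return a list of problems; an empty list means the document passed."""
    try:
        doc = json.loads(raw)
    except ValueError as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    needed = REQUIRED + (SESSION if require_session else ())
    problems = [f"missing field: {k}" for k in needed if k not in doc]
    # Exact comparison: prefix or case-insensitive matching accepts look-alikes.
    if "issuer" in doc and doc["issuer"] != expected_issuer:
        problems.append("issuer does not match the expected issuer")
    problems += [f"{k} is not an absolute https URL"
                 for k in URL_FIELDS if k in doc and not is_https_url(doc[k])]
    algs = doc.get("id_token_signing_alg_values_supported")
    if isinstance(algs, list) and "RS256" not in algs:
        problems.append("RS256 is not among the ID token signing algorithms")
    return problems


ISSUER = "https://login.example.com/contoso"  # constructed placeholder tenant
SAMPLE = json.dumps({
    "issuer": ISSUER, "subject_types_supported": ["pairwise"],
    "jwks_uri": ISSUER + "/keys", "token_endpoint": ISSUER + "/token",
    "authorization_endpoint": ISSUER + "/authorize",
    "end_session_endpoint": ISSUER + "/logout",
    "check_session_iframe": ISSUER + "/checksession",
    "response_types_supported": ["code", "id_token"],
    "id_token_signing_alg_values_supported": ["RS256"]})
```

Calling `validate_discovery(SAMPLE, ISSUER, require_session=True)` returns an empty list for the constructed document; each returned string names one failed check.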
Best Regards,
Alex Simons (Twitter: @Alex_A_Simons)
Director of PM
Active Directory Team
P.S. If you are an admin and you want to turn off user consent for applications, you can do so using PowerShell. Go here to learn more: http://technet.microsoft.com/en-us/library/dn194127.aspx

The switch you want to use is:

    -UsersPermissionToUserConsentToAppEnabled <Boolean>
        Indicates whether to allow users to consent to apps that require access to their cloud user data, such as directory user profile or Office 365 mail and OneDrive for business. This setting is applied company-wide. Set to False to disable users' ability to grant consent to applications.

        Required?                    false
        Position?                    named
        Default value                true
        Accept pipeline input?       false
        Accept wildcard characters?  false

Published Sep 07, 2018