Azure AD Apps
8 Topics

Publish SharePoint site as a tile in office portal for specific users.
Hi everyone, We want to publish a tile of a specific SharePoint Online site to the app launcher. We want it to be available to specific users. The problem we are facing is: if we deploy it via org settings, it is available to everyone. If we want to use application proxy, we are required to have a connector. Is there another way to add the site as a tile or an app to a group of people? Thanks, Rahamim.
Solved | 988 Views | 0 likes | 1 Comment

MSAL Modern Auth (OAuth 2.0) for personal accounts
Hi, I am trying to use azure/msal-node on a Node backend server. Everything works fine for business accounts onmicrosoft.com but not for personal accounts like (email address removed for privacy reasons). According to this documentation, authentication seems to be possible: https://docs.microsoft.com/fr-fr/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth But I don't understand if my problem comes from the Azure AD configuration or from my code.

    exp.post('/connect', function (req, res) {
        let authCodeUrlParameters = {
            scopes: SCOPES_OUTLOOK,
            redirectUri: "http://localhost:4220/redirect",
        };
        publicMicrosoftClient.getAuthCodeUrl(authCodeUrlParameters).then((response) => {
            if (req.body.email) {
                response += `&login_hint=${req.body.email}`
            }
            open(response)
        }).catch((error) => console.log(JSON.stringify(error)));
    });

    exp.get('/redirect', async function (req, res) {
        try {
            const form = {
                'code': req.query.code,
                'client_id': CLIENT_ID_OUTLOOK,
                'scope': SCOPES_OUTLOOK.join(' '),
                'redirect_uri': 'http://localhost:4220/outlookOauth2',
                'grant_type': 'authorization_code',
                'client_secret': encodeURI(SECRET_VALUE_OUTLOOK),
            }
            const options = {
                url: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
                headers: {
                    'Content-Type': 'application/x-www-form-urlencoded',
                },
                method: 'post',
            }
            response = await got(options, { form });
            respToken = response.body
            ...
        } catch (error) {
            console.log(error)
            res.end();
        }
    });

The error comes from the ...v2.0/token request. The server response doesn't really help (error 400 bad request). In Azure AD we have the app registered and all required scopes with status granted. Thank you in advance for your help, Yan
1.4K Views | 0 likes | 2 Comments

Signing certificate for enterprise applications integrated with Azure AD
- Is there any script to add a notification email address at Signing Certificates for all enterprise applications integrated with my Azure AD tenant?
Or
- A script (scheduled to run) to notify me when any signing certificate is about to expire?
Thanks
1.5K Views | 1 like | 4 Comments

SharePoint Guest Users API Access - Unauthorized
Hello, we've built an Azure AD App that uses MSAL to authenticate against SharePoint. The auth flow works fine until we try to access SharePoint resources with guest users. We've tried several solutions and configurations but we always get the answer: "Exception of type 'Microsoft.IdentityModel.Tokens.AudienceUriValidationFailedException' was thrown." Is there any policy that does not allow guest users to access SharePoint through the SharePoint API? Direct access to SharePoint works without a problem. Thanks in advance, Michael
3.8K Views | 0 likes | 2 Comments

Call to AAD secured azure function not working from SPFX web part
We had tested calling an AAD secured Azure function from an SPFx web part using the "SharePoint Online authentication cookie" approach detailed in the official documentation here: https://docs.microsoft.com/en-us/sharepoint/dev/spfx/web-parts/guidance/connect-to-api-secured-with-aad The steps described in the documentation were correctly followed and this method worked for us 3 weeks ago, as the response received from AAD was with status 200 and the call was successful. Since Friday, however, it seems that there has been a change in the authentication flow and now the Azure function call receives a response code 302, which is rejected by the browser as per the CORS specs, with the following message:

    Failed to load <function URL>: Response for preflight is invalid (redirect).

Has anyone tried using this approach recently? Any ideas how to solve it?
1.1K Views | 0 likes | 0 Comments

importing or installing preconfigured Azure AD App registrations?
We have a simple, public Web solution that uses an Application ID to an AAD registered App with Graph API and other permissions on our tenant. The public web side uses ADAL and Graph API ... so it's simple. The registered app has a reply URL back to our web host and a bunch of other permission and manifest settings. We'd like to service more than one Azure tenant with that web host. So we want the web host to be dynamic and smart based on some stored tenant licensing database we manage with each tenant, but each tenant requires the app registration. I know it can be done manually... What's the best way to get a tenant our app registration? The Azure marketplace? Manually? PowerShell, other? I see no import feature. Would it make sense to require this functionality?
895 Views | 0 likes | 1 Comment

Unable to Clone SharePoint Context from tenant to Specific Site Collection in Azure AD App
I created a web application with Azure AD authentication using an Azure AD Application. I had granted all permissions for SharePoint Online, Graph API and Active Directory to the App for provisioning site collections (creation and deletion), which is working fine. In my web application, I am accessing the site collections through the tenant context ( https://tenant-admin.sharepoint.com ) using access tokens from the Azure AD App. I am trying to switch the client context of the tenant to the site collection context using the clone method in OfficeDevPnP.Core. Below is the code sample.

    var tenant = new Tenant(spcontext);
    spcontext.Load(tenant);
    spcontext.ExecuteQuery();

    var site = tenant.GetSiteByUrl(webUrl);
    spcontext.Load(site);
    spcontext.Load(site.RootWeb);
    spcontext.ExecuteQuery();

    string pageName = "mypage.aspx";
    ClientSidePage page = ClientSidePage.Load(spcontext, pageName);
    var components = page.AvailableClientSideComponents();
    string wpName = "Intranet Manager";
    List<string> componentsnames = components.Select(k => k.Name).ToList();
    var webPartToAdd = components.Where(wp => wp.ComponentType == 1 && wp.Name == wpName).FirstOrDefault();
    if (webPartToAdd != null)
    {
        ClientSideWebPart clientWp = new ClientSideWebPart(webPartToAdd) { Order = -1 };
        page.AddControl(clientWp);
    }
    page.Save(pageName);
    spcontext.ExecuteQuery();

I am getting the error "The remote server returned an error: (401) Unauthorized." at the line

    ClientSidePage page = ClientSidePage.Load(newSiteContext, pageName);

If we pass user credentials with the necessary permission for creating the tenant context, the clone was working fine. When we tried to do the same with the access tokens, we got the above error. The Azure AD App is given all required permissions in the Azure portal.
1.1K Views | 0 likes | 0 Comments