First published on CloudBlogs on Mar 06, 2015
Today's guest blog post is by Danny Strockis, a Program Manager in our Cloud Authentication services team.
His post is targeted to developers who may be wondering about some of the changes we are making to simplify and accelerate our redirection flows.
Alex Simons (Twitter:
Director of Program Management
Microsoft Identity and Security Division
I'm Danny Strockis, one of the Program Managers here in the Cloud Authentication team at Microsoft.
If you've ever taken a trace of the authentication requests from your Azure AD-protected app, you've probably noticed that requests to
are federated to
. The user's credentials are evaluated at
and upon successful authentication the user is directed back to
which finally issues your app the token it requested. A typical sign-in flow might look like this:
Your users get a faster sign-in experience free of extra hops.
The sign-in user experience includes several new features. Examples are the ability to maintain multiple actively signed-in users and a more responsive UI that behaves appropriately across more devices and screens.
We can enable a number of features in our engineering systems that will lead to an even more reliable service.
The natural question that follows: what impact does this have on your existing app?
Largely, the answer is none.
However, if your app makes certain assumptions about our underlying implementation, it may require changes. Here are some subtle differences that you should be aware of:
The HTML markup and scripts for the new sign-in experience are significantly different even though the visual appearance may be the same. Any tests that rely on exact markup may break and need to be updated.
And in the interest of being thorough, the following items have
The behavior of both token endpoints will remain precisely the same.
The value of the "issuer" both in metadata and in tokens issued by Azure AD will remain the same – it will continue to be
If you're creating a new application, you should use
as the authority going forward. Our documentation and samples will be updated shortly to reflect the change. If for any reason you need to ship an app using
going forward, please contact us before doing so – tweet us at
For those applications currently authenticating against
, we recommend making the effort to incorporate the change immediately; your users will get an improved sign-in experience, and your authentication flows will be free of extra complexity.
Thanks for reading! We're happy to answer any questions you may have, and as always appreciate your feedback.
Have a great weekend,