0

I have a Xamarin mobile application that authenticates using Azure Active Directory this works fine and I am receiving the token and user details. To do that I had to set up a 'Native Client Application' under 'Add an application my organization is developing' option in Azure.

My Web Application/API which is multi tenant is listed under 'permissions to other applications' within the Native Application tab in Azure. The Web Application works well using OpenIdConnect and the multi tenancy works as it should.

How do I now make the Native Client Application available to other tenants? I can use the credentials form the Tenant that the Native Client Application is listed under (the same directory I have created the Native Client Application under) but not other tenants in a way the Web Application allows.

RVid
  • 1,207
  • 1
  • 14
  • 31

1 Answers1

5

Found this, although for Windows store: NativeClient-WebAPI-MultiTenant-WindowsStore

Add the client application to the known clients list of the API

For the client application to be able to call the web API from a tenant other than the one where you developed the app, you need to explicitly bind the client app entry in AAD with the entry for the web API. You can do so by adding the client ID of the client to the manifest of the web API. Here there's how.

  • Retrieve the web API manifest file
  • In the manifest, locate the knownClientApplications property and add to it the client ID. Your code should look like the following: "knownClientApplications": [ "94da0930-763f-45c7-8d26-04d5938baab2" ]
  • Save back the manifest
RVid
  • 1,207
  • 1
  • 14
  • 31
  • Did you have to provision the Web App in other other AAD ? How will this work if the WebAPI supported roles ? – Frank Q. Feb 18 '17 at 06:30