Using a refresh token in AAD B2C with Azure App Service and Xamarin.Forms

Question

I'm trying to get a refresh token set up in my Xamarin.Forms app using AAD B2C. I've got everything set up but run into issues when calling LoginAsync on my MobileServiceClient. All of the docs and examples I can find show to update my LoginAsync method to this:

var user = await App.MobileServiceClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory,
    new Dictionary<string, string>() { { "response_type", "code id_token" } });

Except that the MobileServiceClient does not take a Dictionary<string, string> for the second parameter. It takes a JObject. Here's what my current code looks like:

var authResult = await App.AuthenticationClient.AcquireTokenAsync(Constants.Scopes, "", UiOptions.SelectAccount, string.Empty, null, Constants.Authority, Constants.Policy);

var payload = new JObject();
payload["access_token"] = authResult.Token;

var user = await App.MobileServiceClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);

I can not find an example use the JObject anywhere.
It is as simple as adding payload["response_type"] = "code id_token"; to my payload?

Answer 1

AFAIK, Mobile Apps support two authentication flows (client-managed flow and server-managed flow).

Client-managed authentication

Your app can independently contact the identity provider and then provide the returned token during login with your backend. This client flow enables you to provide a single sign-on experience for users or to retrieve additional user data from the identity provider.

After you retrieved the token, then you would login with your azure mobile backend by passing the token into a JObject instance as follows:

JObject payload = new JObject();
payload["access_token"] = ar.AccessToken;
var user = await client.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);

For more details about other identity providers via client-flow authentication, you could refer to Client-managed authentication.

Server-managed authentication

Your app directly contacts your mobile backend, then your azure mobile backend contacts the identity provider and provide you with the logged user.

• For Xamarin.Forms UWP app, you could login as follows:

• For Xamarin.Forms IOS app, you could login as follows:

For more details about server-managed authentication in Xamarin.Forms, you could refer to Add authentication to your Xamarin Forms app.

UPDATE:

I have checked that if you call MobileServiceClient.LoginAsync in PCL, you could not see any extensions for LoginAsync. As you could see, there are many extension LoginAsync methods in the Microsoft.WindowsAzure.Mobile.Ext.dll for each platform. You need to define the IAuthenticate interface and implement it in each of your app (uwp, android, ios, etc.), for more details you could refer to here.