1

I followed this tutorial to authenticate with Azure AD for my Azure Mobile Service but I can't get the URL redirect working. Maybe I have misunderstood but this is what I have tried ...

In the iOS project I added this URL Scheme to info.plist: com.spike.Xamarin.OAuth:/oauth2redirect I override the AppDelegate.OpenUrl method(s) (both overloads) and implement the code from the tutorial

In the PCL project I pass the authentication URL as https://(my service).azurewebsites.net/.auth/login/aad and as the redirect URL I pass the same URL (above) to the Xamarin.Auth.OAuth2Authenticator ctor. I add an event handler to the Xamarin.Auth.OAuth2Authenticator.Completed event, to fetch the access token and so on.

In my protected Azure Mobile service (AAD / Express) I registered the above URL reversed: OAuth.Xamarin.spike.com:/oauth2redirect as an 'ALLOWED EXTERNAL REDIRECT URLS'.

Result

What happens is I get to the login page and I am able to fill in my credentials as expected. But the final redirect never hits the AppDelegate.OpenUrl method. Instead iOS Safari seems to end up at https://(my service).azurewebsites.net/.auth/login/aad/callback.

What am I getting wrong here?

Jonas Rembratt
  • 1,550
  • 3
  • 17
  • 39
  • Have you solved this issue, do you need further assistance ? – Bruce Chen Sep 07 '17 at 02:07
  • Hi Bruce. I'm currently trying to work out your instructions but so far I have been unable to make it work. That might be because of me however. Thanks alo for taking the time! – Jonas Rembratt Sep 07 '17 at 07:05
  • After entering your credentials do you get the error ERR_NAME_NOT_RESOLVED in the web browser ? ( I am having this issue ) – danieljaguiar Oct 21 '17 at 09:23

1 Answers1

3

Xamarin.Auth includes OAuth authenticators that provide support for consuming identity providers (e.g. Google, Microsoft, Facebook, and Twitter,etc.).

Per my understanding, you could leverage the Xamarin.Auth SDK to independently contact the identity provider and retrieve the access token on your mobile client side, then you need to login with your backend (azure mobile app) along with the token for retrieving the authenticationToken, then you could leverage the authenticationToken to access the resources under your mobile app.

For Azure AD authentication, you could refer to the following settings for constructing the OAuth2Authenticator as follows:

Authorize URL to https://login.microsoftonline.com/{tenantId}

Redirect URL to {Client-ID-of-your-AD-app}:/oauth2redirect

AccessToken Url to https://login.microsoftonline.com/{tenantId}/oauth2/token

For more details, you could refer to OAuth 2.0 authorization flow for AAD.

After retrieved the access token from AAD, you need to send the following request for logging with your mobile app:

Post: https://{your-app-name}.azurewebsites.net/.auth/login/aad
payload: {"access_token":"{your-access-token}"}

Additionally, you could also leverage Microsoft.Azure.Mobile.Client for Client-managed authentication or Server-managed authentication. For more details about adding authentication to your app, you could refer to Add authentication to the portable class library and Add authentication to the iOS app for your Xamarin Forms app.

Bruce Chen
  • 18,207
  • 2
  • 21
  • 35