
I'm trying to set up a login with username and password for ADAL (Azure AD).

I use the library that Microsoft published via Maven:

implementation 'com.microsoft.aad:adal:1.11.0'

But this one only seems to support logging in via a pop-up screen, coming from the SDK. I want to supply the username and password myself, like the way it is possible in C# (https://github.com/Azure-Samples/active-directory-dotnet-native-headless)

I checked the "answer" here: Authenticate the user on Azure AD using ADAL library from Android native app, but that one points to other projects and still gives no information on which call accepts a password.

I'm starting to think that this has been removed. Anyone that can point me in the right direction?

Boy
    Hi, also wanted to drop a note that my email is in my Stack Overflow profile. Feel free to reach out to discuss your scenarios a bit more. I'd love to understand the case more and see if we can support this for the next generation of libraries (MSAL). – Daniel Dobalian Feb 05 '18 at 22:43

1 Answer


ADAL Android does not support Username/Password flows (also called Resource Owner Password Grant). You can submit a request through UserVoice including the scenario you're trying to implement (helps understand the request).

In general, I'd strongly recommend against using this flow as it is quite brittle (e.g. the app will fail if it encounters MFA) and requires you to capture the end user's credentials and may be unsafe. Here's a great blog post that walks through the reason to use this flow.

Daniel Dobalian
    Thanks for your response and being active on SO! My scenario is that the customer does not want a different UI, so no pop-up to enter credentials. They have designed a UI for e-mail/password and want to use this. Also, it seems to be doable in C#, so why not give the choice to other platforms too? – Boy Feb 06 '18 at 08:05
    @Boy That's a popular request and totally understandable. Have you (and your customer) evaluated the sign in page [customization and branding features](https://learn.microsoft.com/en-us/azure/active-directory/customize-branding) and found this was not sufficient? The benefit here is they would have a consistent sign in page with all of their Azure AD & O365 sign in pages. With all that being said, it's a popular request and the motivation is pretty clear. The biggest issue is all the limitations with the flow: MFA (can be turned on at any time), no consent, somewhat dangerous, etc. – Daniel Dobalian Feb 06 '18 at 21:13
    I'll add, we are evaluating requests for Username/Password support in other platforms and understanding the scenario helps (thanks!). If we do decide to expand support, it would likely be added to [MSAL libraries (Azure AD v2.0 endpoint)](https://aka.ms/aadv2). If you want to chat more, feel free to reach out directly, my email is on my SO profile. – Daniel Dobalian Feb 06 '18 at 21:17
    We went with the default flow, using the WebView to let the user log in. Thanks for your time! – Boy Feb 08 '18 at 08:35
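
The following is an added example, not part of the original thread and not ADAL code. It illustrates the brittleness mentioned in the answer: a client using the username/password grant must still recognise token-endpoint replies that demand user interaction (for example MFA) and hand over to the interactive sign-in. The sample responses are constructed, and the `error_codes` field with the value 50076 is an assumption about how Azure AD reports "MFA required".

```python
import json

# Standard OAuth 2.0 / OpenID Connect error values meaning "a user must interact".
INTERACTIVE_ERRORS = {"interaction_required", "login_required", "consent_required"}
# Assumption: Azure AD flags "MFA required" as 50076 in an "error_codes" array.
MFA_REQUIRED_CODES = {50076}


def classify_token_response(status, body):
    """Classify a token-endpoint reply to a password grant.

    Returns 'ok', 'needs_interactive', 'bad_credentials' or 'error'.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return "error"              # e.g. an HTML page from a proxy
    if not isinstance(doc, dict):
        return "error"
    if status == 200 and "access_token" in doc:
        return "ok"
    raw = doc.get("error_codes")
    codes = {c for c in raw if isinstance(c, int)} if isinstance(raw, list) else set()
    err = doc.get("error")
    # MFA or consent can be switched on by the tenant at any time; no stored
    # password can satisfy it, so the app must fall back to the interactive flow.
    if err in INTERACTIVE_ERRORS or codes & MFA_REQUIRED_CODES:
        return "needs_interactive"
    if err == "invalid_grant":
        return "bad_credentials"
    return "error"


# Constructed sample replies (status code, body); none are captured from a real tenant.
SAMPLES = {
    "success": (200, '{"token_type":"Bearer","access_token":"<constructed>","expires_in":3600}'),
    "mfa": (400, '{"error":"interaction_required","error_description":"constructed","error_codes":[50076]}'),
    "mfa_as_invalid_grant": (400, '{"error":"invalid_grant","error_codes":[50076]}'),
    "wrong_password": (400, '{"error":"invalid_grant","error_description":"constructed"}'),
    "proxy_html": (502, "<html>gateway error</html>"),
}


def classify_samples():
    """Run the classifier over every constructed sample."""
    return {name: classify_token_response(*reply) for name, reply in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:22s} -> {verdict}")
```

Every `needs_interactive` result is a sign-in that only the interactive flow can complete, so the app has to ship that flow regardless.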