We use OWIN middleware to log people in to our cloud application using OpenId Connect.

The issue is, we also want to access their Office 365 data through the new APIs.

Using OWIN to log in doesn't return us to our website with a CODE, and so using ADAL we send them right back to consent a second time and then get our tokens, etc...

Can we do this in one swoop?

Here is what Fiddler says OWIN uses to authenticate:

https://login.windows.net/common/oauth2/authorize?
    client_id=ourguid
    &nonce=*random characters*
    &response_mode=form_post
    &response_type=code+id_token
    &scope=openid+profile
    &state=OpenIdConnect.AuthenticationProperties*more random characters*
    &redirect_uri=http%3a%2f%2flocalhost%3a8683
    &post_logout_redirect_uri=http%3a%2f%2flocalhost%3a8683

I see code+id_token in the Query String, but when it sends me back there is nothing in the URL at all.

1 Answer

You can do everything in a single leg in OpenId Connect via our OWIN components; there is a specific notification that is triggered when you get a code back and that you can handle to redeem that code. See the sample at https://github.com/AzureADSamples/WebApp-WebAPI-OpenIDConnect-DotNet and specifically Startup.auth.cs for a demonstration of how it works. Note: the RC we just released will make the code much simpler. I am still working on updating the sample to that effect; you can take a look at the RCUpdate branch to see the work in progress. However, what is in the master branch is functional, hence that should unblock you. HTH! Cheers, V.
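As an added illustration (not the linked sample's own code), this is the shape of the Startup.Auth.cs handler the answer refers to, assuming ADAL 2.x, the Microsoft.Owin.Security.OpenIdConnect middleware, and a hypothetical per-user NaiveSessionCache token cache. With response_mode=form_post the code arrives in the POST body rather than the URL, and the middleware consumes it before raising AuthorizationCodeReceived, which is why the question sees nothing in the query string.

```csharp
// Startup.Auth.cs (hypothetical excerpt). Assumes ADAL 2.x and a NaiveSessionCache
// class keyed per user; configuration keys are placeholders, not the sample's.
using System;
using System.Configuration;
using System.Web;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public partial class Startup
{
    private static readonly string ClientId = ConfigurationManager.AppSettings["ida:ClientId"];
    private static readonly string AppKey = ConfigurationManager.AppSettings["ida:AppKey"]; // client secret, server-side only
    private static readonly string Authority = ConfigurationManager.AppSettings["ida:Authority"];
    private static readonly string RedirectUri = ConfigurationManager.AppSettings["ida:RedirectUri"];
    private static readonly string GraphResourceId = ConfigurationManager.AppSettings["ida:GraphResourceId"];

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            ClientId = ClientId,
            Authority = Authority,
            RedirectUri = RedirectUri,
            PostLogoutRedirectUri = RedirectUri,
            // Request an authorization code alongside the id_token in the same leg.
            ResponseType = "code id_token",
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                // Raised after the middleware has validated the id_token and read the
                // code from the form_post body; redeem it here with the client secret.
                AuthorizationCodeReceived = async context =>
                {
                    string userObjectId = context.AuthenticationTicket.Identity
                        .FindFirst("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;
                    var credential = new ClientCredential(ClientId, AppKey);
                    var authContext = new AuthenticationContext(Authority, new NaiveSessionCache(userObjectId));
                    // The redirect URI must match the one sent in the authorize request.
                    AuthenticationResult result = await authContext.AcquireTokenByAuthorizationCodeAsync(
                        context.Code,
                        new Uri(HttpContext.Current.Request.Url.GetLeftPart(UriPartial.Path)),
                        credential,
                        GraphResourceId);
                    // Access and refresh tokens now sit in this user's cache; later calls
                    // use AcquireTokenSilentAsync with the same cache instead of re-consenting.
                }
            }
        });
    }
}
```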