1
votes

I created a new mobile app to get consumed in my Xamarin.iOS app. My app doesn't have any registered users; all I need is to securely access the mobile app service API in my iOS app.

After 10 hours of trying, I still couldn't figure out a way to get this to work.

I've created a new mobile app, turned on Authentication / Authorization in settings (Azure Portal) and created a new Azure Active Directory app.

I've secured my [MobileAppController] with [Authorize] tag.

To test I've requested a token

Method: POST
URL : https://login.microsoftonline.com/mytenant.onmicrosoft.com/oauth2/token
grant_type : client_credentials
client_id : {one from AD section for the app}
client_secret : {one from AD section for the app}

I've received a token, but using it to access (Postman app)

https://mytestmobileapp.azurewebsites.net/api/values with headers
Authorization : Bearer {token}

is giving me a

  "message": "Authorization has been denied for this request."

Any help would be appreciated.

Thank you ...

3
I have a friend who recently wrote a series of three articles about that on his blog: pa-roy.com/azure-app-services-custom-auth-part-3 - Thibault D.

3 Answers

1
votes

I answered on my blog post but I am also putting this here for anyone to see.

Why do you want to call the endpoint directly? The SDK client should handle all of this (as seen on their tutorial: https://azure.microsoft.com/en-us/documentation/articles/app-service-mobile-xamarin-ios-get-started-users/)

I do not think it is a good idea to re-implement the wheel by calling AD directly. There is a callback mechanism for the server to get that token from AD and I think this is what is missing here.

0
votes

Have you looked at the examples on GitHub for the Azure Active Directory Library for Objective-C? https://github.com/AzureAD/azure-activedirectory-library-for-objc

Some great examples and resources here that may help you :)

0
votes

OK, finally, after hours of terrible frustration, I've found the answer. Thanks to the comments @ https://github.com/Azure/azure-mobile-apps-ios-client/issues/14

I've set up streaming logs and detailed error messages to figure out what's going on, and I found this to be the error.

2016-01-18T20:06:31 PID[7448] Warning JWT validation failed: IDX10214: Audience validation failed. Audiences: 'https://quicktestmobileauthapp123.azurewebsites.net'. Did not match: validationParameters.ValidAudience: '8649d624-47ce-447f-9a5e-xxxxxxxxxxxx' or validationParameters.ValidAudiences: 'http://quicktestmobileauthapp123.azurewebsites.net'.

Then I realized I have to pass in `resource` when requesting the token.

My new token request

Method: POST
URL : https://login.microsoftonline.com/mytenant.onmicrosoft.com/oauth2/token
grant_type : client_credentials
client_id : {one from AD section for the app}
client_secret : {one from AD section for the app}
resource : {clientId from the AD section}

The token I received from the above method worked fine without any issues. Azure streaming logs are amazing.

UPDATE

I've created a new question with an answer going through a step-by-step explanation: How to add simple authentication to azure mobile/web apps with Azure Active Directory?
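
The audience mismatch described in the answer above can be checked offline before calling the API. This is an added example, not part of the original answer or of any Azure SDK: it builds the form body for the `client_credentials` request including `resource`, then reads the `aud` claim of a token and compares it with the audiences the server accepts. The function names, the all-zero client ID and the sample tokens are constructed for illustration, and the exact-string comparison is an assumption modelled on the IDX10214 log line.

```python
import base64
import json
from urllib.parse import urlencode


def build_token_request(tenant, client_id, client_secret, resource):
    """Return (url, form_body) for the client_credentials request shown in the answer."""
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    body = urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "resource": resource,  # the value the issued token should carry as its audience
    })
    return url, body


def _b64url_decode(segment):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_audiences(jwt):
    """Read `aud` from a JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    aud = json.loads(_b64url_decode(parts[1])).get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def audience_ok(jwt, valid_audiences):
    """Assumed exact string match, as the log line suggests: http:// is not https://."""
    return any(a in valid_audiences for a in token_audiences(jwt))


def make_sample_jwt(aud):
    """Constructed sample token with a placeholder signature, for offline use only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc({'aud': aud})}.placeholder"


# Constructed placeholder client ID; the site URL is the one quoted in the log line.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
VALID = [CLIENT_ID, "http://quicktestmobileauthapp123.azurewebsites.net"]

if __name__ == "__main__":
    print(*build_token_request("mytenant.onmicrosoft.com", CLIENT_ID, "<secret>", CLIENT_ID), sep="\n")
    rejected = make_sample_jwt("https://quicktestmobileauthapp123.azurewebsites.net")
    accepted = make_sample_jwt(CLIENT_ID)
    print(audience_ok(rejected, VALID), audience_ok(accepted, VALID))
```

The server still has to validate the token's signature and issuer; decoding the payload here only shows which audience the token was issued for.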