MSAL Client flow Azure Function in Xamarin Forms

0
votes

Looking to use MSAL client flow to gain to authorize access to an Azure Function which I have configured to use Microsoft Authentication .

I've add the latest preview of the MSAL and can log in and gain access to the Graph API 

 App.TokenRequest = await App.IdentityClientApp.AcquireTokenAsync(App.Scopes,App.UiParent)
 var client = new System.Net.Http.HttpClient();
 var request = new HttpRequestMessage(HttpMethod.Post, "https://{my site url}/.auth/login/microsoftaccount");  

request.Content = new StringContent(JsonConvert.SerializeObject(new TokenContent { access_token= App.TokenRequest.AccessToken }));
 var response = await client.SendAsync(request);

Any ideas would be helpful, when I navigate to the auth page in the browser I get the server side flow. but the above client request always yields a 401 error, the documentation is all over the place and I was trying to avoid using the Mobile App Service.

1
c#azureauthorizationmsal

1 Answers

1
votes

From Client-managed authentication - Live SDK, we could find that you need to pass the following payload for logging:

{"authenticationToken":"{Live-SDK-session-authentication-token}"}

Then, I checked LiveSDK and tried to retrieve the LiveConnectSession.AuthenticationToken by calling LiveLoginResult.Session.AuthenticationToken, but it returns null.

Then, I checked the the server-flow authentication for Microsoft Account, and find it would use Live SDK REST API - Signing users in with REST. I tried to simulate the authentication request via postman to verify this issue. Here is my test for retrieving the access token:

https://login.live.com/oauth20_authorize.srf?client_id={client-id}&redirect_uri={return-url}&response_type=code&scope=wl.basic+wl.offline_access+wl.signin

enter image description here

As you could see, we could not retrieve the authentication_token as mentioned in the official document about Get an access token and an authentication token.

Then, I tried to use the access_token for logging as follows, and found it could work.

enter image description here

Looking to use MSAL client flow to gain to authorize access to an Azure Function which I have configured to use Microsoft Authentication .

For MSAL, you could find it would send request against the following endpoint and both {"authenticationToken":"App.TokenRequest.AccessToken"} and {"access_token":"App.TokenRequest.AccessToken"} payload could not login successfully.

https://login.microsoftonline.com/common/oauth2/v2.0/authorize

Per my test, since the Authentication / Authorization for Microsoft uses the different authentication endpoints, the token generated by each endpoints could not be applied to each other.

Based on my test, you could just create you app at Microsoft Account Developer Center and add authentication info for your azure function app. For your client, you could use LiveSDK [deprecated] or OneDrive SDK for CSharp for MSA logging and retrieve the access_token for logging with your azure function app. Here is my UWP client for logging with OneDrive SDK, you could refer to it:

var msAuth = new MsaAuthenticationProvider(
    "{app-Id}", //application id of your app
    "urn:ietf:wg:oauth:2.0:oob", //the redirect url for your native application in your app
    new string[] { "wl.signin", "offline_access" });
await msAuth.AuthenticateUserAsync();

enter image description here

For MsaAuthenticationProvider, you could refer to Authentication Adapter for the OneDrive SDK.