MobileApp Service
I have an Azure MobileApp with App Service Authentication configured to "AAD Provider"
- Set client id and secret to AppID and Key of Azure AD Application created.
Set IssuerUrl to https://sts.windows.net/b696XXXX-XXXX-XXXX-XXXX-XXXXc4219dfb/
Set allowed token audience to https://mymobileapp.azurewebsites.net/.auth/login/aad/callback and https://mymobileapp.azurewebsites.net
Set allowed external redirect urls to {uri_schema}://easyauth.callback
Azure AD Application
I have created azure ad application along with few custom roles in Manifest file for the MobileApp and added users to it.
UWP App
In my UWP package manifest declarations, i have added a protocol same as my "{uri_schema}" configured in MobileApp easy auth.
Creating MobileServiceClient as below
MobileServiceClient client = new MobileServiceClient("https://mymobileapp.azurewebsites.net/")
{
CurrentUser = this.Container
.Resolve<IAuthenticator>()
.CurrentUser // This will be null for the first time
};
Then, login with below code and storing the credentials in vault.
this.CurrentUser = await this.app.ATTTMClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, "{uri_schema}");
credential = new PasswordCredential("{vaultkey}", this.CurrentUser.UserId, this.CurrentUser.MobileServiceAuthenticationToken);
this.Vault.Add(credential);
Till here, the authentication with user credential which I created in AD was successful and got stored in credential vault.
But, when I call any Mobile API methods using InvokeApiAsync as below, I'm getting following error:
HttpResponseMessage resp = await client.InvokeApiAsync(apiRoute, content, httpMethod, this.requestHeaders, parameters);
Error: The request could not be completed. (Unauthorized)
Sample Rest POST call:
Method: GET, RequestUri: 'https://mymobileapp.azurewebsites.net/api/controller/action?key=value', Version: 2.0, Content: ,
Headers:
{
Request-Id: f987cff8-XXXX-XXXX-XXX-374b8408ea53
X-ZUMO-FEATURES: AG
X-ZUMO-INSTALLATION-ID: e8d23287-XXXX-XXXX-XXXX-b7885af589ef
X-ZUMO-AUTH: eyJ0eXAiOiJKVXXXXXXXXXOiJIUzI1NiJ9.eyXXXXXXXXXkOjFmNTlhZDI2MGJmZjVXXXXDBhZTllYXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0dG1hdXNlZWFzLmF6dXJld2XXXZXMubmV0LyIXXXXXXXXXXXXzOi8vYXR0dG1hdXNlZWFzLmF6dXJld2Vic2l0ZXMubmV0LyIsImV4cCI6MTUXXXXXXXXXXTMzMTE2MDQwfQ.8fha-XymJSDEIxw22RSymW9T4XXXXXXXXWFh_zpF7ag
User-Agent: ZUMO/4.0
User-Agent: (lang=Managed; os=Windows Store; os_version=--; arch=X64; version=4.0.2.0)
X-ZUMO-VERSION: ZUMO/4.0 (lang=Managed; os=Windows Store; os_version=--; arch=X64; version=4.0.2.0)
ZUMO-API-VERSION: 2.0.0
Cookie: ARRAffinity=c2ec7bad91771ba38a3XXXXXXXXXXXXXXX56cb5457cc94b47c79e2847
Accept-Encoding: gzip
}
At this point, I'm refreshing the token which is successful but retrying the API call with refreshed token still fails with same error.
The only API Call (InvokeApiAsync) which is successful in my case is below while initializing roles after successful login:
user = (await client.InvokeApiAsync<User[]>("/.auth/me", HttpMethod.Get, null))?.FirstOrDefault();
What am I missing here? Why other API calls are failing with 401 code?
Any help would be appreciated.