1
votes

I'm writing a desktop application with C++/WinRT which needs to silently authenticate with Azure AD on a joined machine, using the Web Account Manager API.

Following the recent Microsoft documentation here, I can see that the redirect-uri set in the /oauth2/token request when using this API is something like ms-appx-web://Microsoft.AAD.BrokerPlugin/{id}.

When I try to set this redirect URI in the App Registrations page of my Azure AD application, I get an error saying that only HTTPS schemes are allowed. The (also recent) Azure AD documentation here states that (emphasis mine):

> The new App registrations experience doesn't allow developers to add URIs with HTTP scheme on the UI. Adding HTTP URIs for apps that sign in work or school accounts is supported only through the app manifest editor. Going forward, new apps won't be able to use HTTP schemes in the redirect URI. However, older apps that contain HTTP schemes in redirect URIs will continue to work. Developers must use HTTPS schemes in the redirect URIs.

Does this mean that new apps won't be able to use non-HTTPS schemes in the redirect URI even when using the app manifest editor? Is this the correct way of setting up a native application for authentication with Azure AD?

It does seem like I don't really require a redirect-uri since this is a native application; I only need the token! It seems like there is the MSAL library for doing "Integrated Windows Authentication" (as documented here), but the API seems to be .NET only, which unfortunately is not an option.

1 Answer

0
votes

> Does this mean that new apps won't be able to use non-HTTPS schemes in the redirect URI even when using the app manifest editor?

Yes, you are right.

> It does seem like I don't really require a redirect-uri since this is a native application;

Yes, for a native application, you can use the default redirect URI.

Update:

This document is using the old app registrations portal. See the detailed steps here.

Go to Azure Active Directory -> App registrations.

Create a new application or find your old application (you can ignore the red error message).

Make sure the application type is native.
