Cortana Skill authentication from UWP app - c#

I have a UWP app which has Cortana integration using Commands (VCD definitions). The app requires a user to be logged in to it (using Facebook or Google).
Now I am writing a Cortana Skill - it will offer the same functionality as the UWP app, but would work on other devices. For it to work, the user would need to log in, just like the UWP app.
I understand how the login is done in Cortana Skill (using the BotBuilder) - after login, the access & refresh tokens are somehow stored with the user's profile, so he doesn't have to login again on his other devices. I actually already built this, so the user can login with facebook/google in Cortana.
But I would like to do this from the UWP app - that is, after the user logs into the UWP app, I want to take the access/refresh token and give it to some Microsoft endpoint, so that the user doesn't have to log in twice (once in UWP, a second time in Cortana).
Is this possible? Is there some API I can use for this?

The channel (Cortana) handles the OAuth flow and token caching using "Connected Services". At this time, Cortana does not support single sign-on or cross-client identity. (Your UWP app and your Cortana skill are effectively two apps.) This doesn't mean you need to use "Connected Services", but you'd be implementing around built-in functionality for things like handling of refresh tokens.

Related

Azure AD: UWP App automatically logging into Azure AD (certificate or known credentials)

I'm doing a POC of an application for use on a touch screen device running Windows 10.
The current UWP app (although open to nearly any app that can run full screen for a kiosk) already has a webview control and I can control the URL I want to navigate to. In some situations, I'd like to navigate to a 3rd party web app that is using Azure AD authentication.
Interactively, we can log in, but I'd like to have the login happen automatically using a known Azure AD username and password or, ideally, a certificate we can install on the device. We don't own the web app (so we can't change any properties on it), but it's connected to our Azure AD tenant, so we own the Azure AD app configuration. The web application does not have APIs yet to consume the information. The device uses local accounts, per the guidance on https://learn.microsoft.com/en-us/windows/configuration/kiosk-prepare.
I've used the (Public/Confidential)ClientApplicationBuilder, which works for getting tokens to talk to web APIs, but I'd like to do a form post to something (https://login.microsoftonline.com/{tenantid}) ? and then redirect to the web app when done. I've looked into OAuth 2.0 Resource Owner Password Credentials (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc) and it seems the closest, but I'm not sure how to take the access token I receive and somehow save it (in a cookie?) so the web app will log the user in when navigated to. I'm sure I could watch the various URLs and fill in the credentials programmatically, but that seems wrong. I've reviewed the various Azure AD samples but I've not seen one that fits my scenario (which might indicate a flaw in the plan...).

ASP.NET Core MVC - using multifactor push auth with Microsoft Authenticator

I am writing a web app in C# for .NET Core which also should have integrated two-factor authentication and external logins.
I succeeded at integrating multifactor authentication using TOTP (Time-Based One-Time Password). This means that every time I log in, I have to fill in a code from my smartphone. Because I'm developing, I log in 100 times a day. So, I am getting tired of unlocking my phone, opening the authenticator app and filling in the verification code.
In our company, we make use of Azure Active Directory with two-factor authentication, but in Azure AD, we use two-factor push auth. If you try to log in, you get a push notification on your phone and then you can deny or grant access. That doesn't require filling in a code.
I found documentation for the app Authy from Twilio to use Authy for push notification, but in the company I work, we are Microsoft-minded and everyone in the office uses the Microsoft Authenticator app, so my software should use this app also.
I found documentation for Authy, however, I didn't find this for the Microsoft App, while we use this also in Azure.
To enable two-factor authentication, you should scan the QR code from the PC. The code of my app is
otpauth://totp/[Appname]:admin#admin.nl?secret=[Secret key]&issuer=[AppName/Companyname]&digits=6
The QR code of Azure AD, to allow logging in to RDS with 2FA, has the following URL:
phonefactor://activate_account?code=[code]&url=[url]
I found that PhoneFactor is an application to enable MFA using push notifications, but I can't find how to implement this in my own web app.
Is this possible? And where should I look?
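Whichever second factor ends up in front of the sign-in, the server side of the TOTP path the question already has is worth getting right: the otpauth:// URI above carries the base32 secret, digit count and (optionally) period, and the verifier must tolerate a little clock skew while refusing to accept the same code twice. The following is an added example, not code from the question or from ASP.NET Core Identity: an RFC 6238 verifier in C# that parses a constructed otpauth URI (the secret is the RFC 6238 reference key), accepts one 30-second step of drift either way, and records the last accepted step so a captured code cannot be replayed. Names such as Totp, Verify and lastUsedStep are this example's own.

```csharp
// Added example: RFC 6238 TOTP verification for an otpauth://totp URI.
// Assumes .NET 6+ (uses CryptographicOperations and C# 8 'using var').
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

public static class Totp
{
    // Pull secret/digits/period out of an otpauth://totp/... URI.
    public static (string Secret, int Digits, int Period) ParseOtpAuth(string uri)
    {
        var u = new Uri(uri);
        if (u.Scheme != "otpauth" || u.Host != "totp")
            throw new FormatException("not a TOTP otpauth URI");
        string secret = null; int digits = 6, period = 30;   // RFC defaults
        foreach (var pair in u.Query.TrimStart('?').Split('&', StringSplitOptions.RemoveEmptyEntries))
        {
            var kv = pair.Split('=', 2);
            string k = Uri.UnescapeDataString(kv[0]);
            string v = kv.Length > 1 ? Uri.UnescapeDataString(kv[1]) : "";
            switch (k)
            {
                case "secret": secret = v; break;
                case "digits": digits = int.Parse(v); break;
                case "period": period = int.Parse(v); break;
            }
        }
        if (string.IsNullOrEmpty(secret)) throw new FormatException("otpauth URI has no secret");
        return (secret, digits, period);
    }

    // Decode RFC 4648 base32 (the encoding used for the shared secret); padding is ignored.
    static byte[] Base32Decode(string s)
    {
        const string alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
        var output = new List<byte>();
        int buffer = 0, bits = 0;
        foreach (char c in s.TrimEnd('=').ToUpperInvariant())
        {
            int v = alphabet.IndexOf(c);
            if (v < 0) throw new FormatException("invalid base32 character");
            buffer = (buffer << 5) | v;
            bits += 5;
            if (bits >= 8) { bits -= 8; output.Add((byte)((buffer >> bits) & 0xFF)); }
        }
        return output.ToArray();
    }

    // HOTP (RFC 4226) for a single counter value, HMAC-SHA1 with dynamic truncation.
    static int Hotp(byte[] key, long counter, int digits)
    {
        byte[] msg = BitConverter.GetBytes(counter);
        if (BitConverter.IsLittleEndian) Array.Reverse(msg);   // counter is big-endian on the wire
        using var hmac = new HMACSHA1(key);
        byte[] h = hmac.ComputeHash(msg);
        int offset = h[h.Length - 1] & 0x0F;
        int code = ((h[offset] & 0x7F) << 24) | (h[offset + 1] << 16) | (h[offset + 2] << 8) | h[offset + 3];
        return code % (int)Math.Pow(10, digits);
    }

    // What the authenticator app displays for the given instant.
    public static string GenerateCode(string base32Secret, DateTimeOffset at, int digits = 6, int period = 30)
        => Hotp(Base32Decode(base32Secret), at.ToUnixTimeSeconds() / period, digits).ToString().PadLeft(digits, '0');

    // Compare without leaking, through timing, how many leading digits matched.
    static bool FixedTimeEquals(string a, string b)
        => a.Length == b.Length &&
           CryptographicOperations.FixedTimeEquals(Encoding.ASCII.GetBytes(a), Encoding.ASCII.GetBytes(b));

    // Accept the current step or one step either side (clock skew), but never a step at or
    // before the last one accepted for this user, so a sniffed code cannot be replayed.
    public static bool Verify(string base32Secret, string submitted, DateTimeOffset now,
                              ref long lastUsedStep, int digits = 6, int period = 30)
    {
        byte[] key = Base32Decode(base32Secret);
        long step = now.ToUnixTimeSeconds() / period;
        for (long delta = -1; delta <= 1; delta++)
        {
            long candidate = step + delta;
            if (candidate <= lastUsedStep) continue;
            string expected = Hotp(key, candidate, digits).ToString().PadLeft(digits, '0');
            if (FixedTimeEquals(expected, submitted)) { lastUsedStep = candidate; return true; }
        }
        return false;
    }

    public static void Main()
    {
        // Constructed sample URI; the secret is the RFC 6238 Appendix B reference key (ASCII "12345678901234567890").
        var (secret, digits, period) = ParseOtpAuth(
            "otpauth://totp/MyApp:admin%40example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=MyApp&digits=6");
        long lastUsed = -1;                                   // per-user state, normally persisted
        var t = DateTimeOffset.FromUnixTimeSeconds(59);       // the RFC's first test instant
        string code = GenerateCode(secret, t, digits, period);
        Console.WriteLine(Verify(secret, code, t, ref lastUsed, digits, period));   // first submission
        Console.WriteLine(Verify(secret, code, t, ref lastUsed, digits, period));   // same code again
    }
}
```

The replay counter (lastUsedStep) has to live with the user record, not in memory of one web server, otherwise a second instance behind a load balancer will happily accept the code a first instance already consumed; the ±1 step window is the usual compromise between phone clock drift and the size of the guessing window.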

3-legged OAuth for Google API console app?

I've been playing around, and created a simple console app in C# that reads my Gmail inbox, searches for email from the gym, and if I've scheduled group training and got the response email, creates a Google reminder. When I ran the app locally, all worked fine.
But I want to deploy it to Azure, and created a WebJob, and that is where the problems start. Locally I get a pop-up window where I give the app permission, but I cannot do that in a WebJob. Then I created a service account, but I cannot enable domain-wide authority for the service account because I do not have G Suite; I use regular Gmail. What are my options here? I've been reading, and the OAuth 2.0 three-legged implementation seems like the way to go?
If you are trying to have this app just for your Gmail inbox, then you can get a refresh token (locally for your app) and just hardcode that in your app.
If you want to make this app for other users, then you'll have to do a lot more work and apply for app verification and implement 3-legged auth.
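The single-user path the answer describes has two halves: one interactive consent on a developer machine that yields a long-lived refresh token, and a headless WebJob that rebuilds a credential from that token and lets the Google client library mint short-lived access tokens on demand. The following is an added example, not code from the question or the answer, written against the Google.Apis.Auth and Google.Apis.Gmail.v1 NuGet packages; the environment variable names, the ApplicationName and the gym sender address are this example's own assumptions.

```csharp
// Added example: Gmail access from a headless Azure WebJob using a refresh token
// obtained once interactively. Assumes NuGet packages Google.Apis.Auth and Google.Apis.Gmail.v1.
using System;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Gmail.v1;
using Google.Apis.Services;

public static class HeadlessGmail
{
    static readonly string[] Scopes = { GmailService.Scope.GmailReadonly };   // least privilege: read only

    // Half 1, run once on a developer machine: the browser consent pop-up the question
    // mentions. GoogleWebAuthorizationBroker requests offline access, so the returned
    // credential carries a refresh token that is then copied into the WebJob's settings.
    public static async Task<string> ObtainRefreshTokenInteractivelyAsync(ClientSecrets secrets)
    {
        UserCredential cred = await GoogleWebAuthorizationBroker.AuthorizeAsync(
            secrets, Scopes, "user", CancellationToken.None);
        return cred.Token.RefreshToken;
    }

    // Half 2, run in the WebJob: no browser involved. UserCredential refreshes the
    // access token itself whenever a request finds it expired.
    public static GmailService BuildService(ClientSecrets secrets, string refreshToken)
    {
        var flow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
        {
            ClientSecrets = secrets,
            Scopes = Scopes
        });
        var token = new TokenResponse { RefreshToken = refreshToken };
        var credential = new UserCredential(flow, "user", token);
        return new GmailService(new BaseClientService.Initializer
        {
            HttpClientInitializer = credential,
            ApplicationName = "GymReminderWebJob"   // constructed name
        });
    }

    public static async Task Main()
    {
        // Secrets come from WebJob app settings (environment variables), never from source control.
        var secrets = new ClientSecrets
        {
            ClientId = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID"),
            ClientSecret = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_SECRET")
        };
        string refreshToken = Environment.GetEnvironmentVariable("GMAIL_REFRESH_TOKEN");
        if (string.IsNullOrEmpty(refreshToken))
        {
            // First run on a developer box: do the interactive consent and show the token to store.
            Console.WriteLine(await ObtainRefreshTokenInteractivelyAsync(secrets));
            return;
        }

        GmailService gmail = BuildService(secrets, refreshToken);
        var request = gmail.Users.Messages.List("me");
        request.Q = "from:bookings@example-gym.test newer_than:7d";   // constructed query
        var result = await request.ExecuteAsync();
        int count = result.Messages?.Count ?? 0;
        Console.WriteLine($"{count} matching message(s) in the last week");
    }
}
```

Two things follow from this shape: the refresh token is as sensitive as the mailbox itself, so it belongs in the App Service settings or Key Vault rather than in the code the answer loosely calls "hardcoded"; and it can be revoked from the Google account's connected-apps page, which is the recovery step if the WebJob host is ever compromised.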

Cross-app SSO using Azure AD in Xamarin

I am trying to enable cross app SSO into our Xamarin apps so that if a user has installed and signed in to one of the apps, he is automatically logged in to other apps of my organization. The following document claims to achieve the requirement
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-sso-android. We are following the non-broker-assisted login flow.
I have carefully fulfilled the three conditions stated below:
The apps are using the same android:sharedUserId in the manifest file.
The native client used for them is the same. Only the redirect url is different for the apps.
All of them are signed using the same keystore.
But still the functionality is not yet achieved. When I installed and logged in to one app, the second app is still prompting for credentials when I try to acquire the access token using the line below:
authResult = await authContext.AcquireTokenAsync(resource, clientId, new Uri(returnUri), new PlatformParameters((Activity)Forms.Context));
Kindly help me know if there is something that I can do to achieve that.
Due to restrictions in Xamarin.Forms, SSO without a broker (Microsoft Authenticator or Company Portal) does not work with the current version of ADAL.
We have a work item to update the documentation.
This is a Xamarin.Forms issue. In order for SSO to work across apps without broker, you need to enable the "Ignore Security" flag, which is not recommended. This requires the app name to be hardcoded and "ignore security".
For example: Application.Context.CreatePackageContext("com.companyname.ReproApp1", PackageContextFlags.IgnoreSecurity).GetSharedPreferences(..)...
For the time being, it's recommended to use a broker for SSO. You can use Authenticator for both iOS and Android.

Uploading a c# application to a facebook application

I have created a Windows application using C# and would like to know how to upload it to a Facebook application.
I have set up the Facebook application; all I need to do is add the application. I can't seem to find out how.
Facebook applications are not true applications in the sense of the word. You do not download or install Facebook apps... they are more like web applications that you log in to with your Facebook account. When you "add" a Facebook application to your Facebook account, all you are really doing is setting some permission flags to give that application access to your Facebook data. Once you've "added" it, each time you load a page from the app, Facebook sends it your Facebook id, which lets the app interact with you and work with your social data. There's no concept of downloading involved.
If your C# app is a desktop application, then you can still integrate it with Facebook, but you're going to need to do a bit more work. You'll need Facebook Connect in order to establish the proper communication. You might want to start with Authorizing and Authentication for Desktop Applications, and do a bit of poking around in that wiki to find out more.