azure acs authentication in winrt - c#

I'm trying to authenticate users in a WinRT Metro app using Azure ACS.
I've set up a relying party in Azure with a Simple Web Token.
On Windows 8 I've installed the Azure toolkit. When I create a new project from the WinRT cloud (notifications + ACS) template and fill in all necessary parameters, I can run the app and I get the Live ID login screen, but when I enter my credentials I get a message saying "We can't load that page".
Can anyone help me with this?

With "I fill in all necessary parameters" I'm assuming you mean the Configuration.xml file contains the necessary information to your ACS namespace etc...
Now, filling in this information and configuring ACS isn't enough to make the sample work. If you take a closer look at the Configuration.xml file, you'll see the following elements:
<!--Relying party return Url. The bouncer service url that will parse the token from ACS.-->
<ReturnUrl>https://127.0.0.1/bouncer</ReturnUrl>
<!--Authentication End Url. The bouncer service url used to validate if the authentication process is done.-->
<EndUrl>https://127.0.0.1/bouncer/end</EndUrl>
These are URLs from an Azure application you'll also need to run in order for the sample to work. In the toolkit you'll find the following directory:
WATWindows.Setup.v1.2.4\Samples\Notifications.CSharp\Notifications.Backend
To be able to run the sample application you'll need to start this backend application first.
And did you already run the SetupSample.cmd script in the WATWindows.Setup.v1.2.4\Samples\Notifications.CSharp directory?

Related

Azure AD: UWP App automatically logging into Azure AD (certificate or known credentials)

I'm doing a POC of an application for use on a touch screen device running Windows 10.
The current UWP app (although I'm open to nearly any app that can run full screen for a kiosk) already has a WebView control and I can control the URL I want to navigate to. In some situations, I'd like to navigate to a 3rd party web app that is using Azure AD authentication.
Interactively, we can log in, but I'd like to have the login happen automatically using a known Azure AD username and password or, ideally, a certificate we can install on the device. We don't own the web app (so we can't change any properties on it), but it's connected to our Azure AD tenant, so we own the Azure AD app configuration. The web application does not have APIs yet to consume the information. The device uses local accounts, per the guidance on https://learn.microsoft.com/en-us/windows/configuration/kiosk-prepare.
I've used the (Public/Confidential)ClientApplicationBuilder, which works for getting tokens to talk to web APIs, but I'd like to do a form post to something (https://login.microsoftonline.com/{tenantid}) and then redirect to the web app when done. I've looked into OAuth 2.0 Resource Owner Password Credentials (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc) and it seems the closest, but I'm not sure how to take the access token I receive and somehow save it (in a cookie?) so the web app will log the user in when navigated to. I'm sure I could watch the various URLs and fill in the credentials programmatically, but that seems wrong. I've reviewed the various Azure AD samples but I've not seen one that fits my scenario (which might indicate a flaw in the plan...).

3-legged OAuth for Google API console app?

I've been playing around and created a simple console app in C# that reads my Gmail inbox, searches for email from the gym, and, if I've scheduled group training and got the response email, creates a Google reminder. When I run the app locally, all works fine.
But I want to deploy it to Azure, so I created a WebJob, and that is where the problems start. Locally I get a pop-up window where I give the app permission, but I cannot do that in a WebJob. Then I created a service account, but I cannot enable domain-wide authority for the service account because I do not have G Suite; I use regular Gmail. What are my options here? I've been reading, and an OAuth 2.0 three-legged implementation seems like the way to go?
If you are trying to have this app just for your gmail inbox then you can get a refresh token (locally for your app) and just hardcode that in your app.
If you want to make this app for other users then you'll have to do a lot more work and apply for app verification and implement 3 legged auth.
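The first option in the answer above (obtain a refresh token once on a machine with a browser, then reuse it in the headless WebJob), as an added example that is not part of the question or answer. It assumes the Google.Apis.Auth and Google.Apis.Gmail.v1 NuGet packages; the refresh token and client secrets are read from app settings rather than being written into the source, and the environment variable names and gym sender address are placeholders.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Google.Apis.Auth.OAuth2;
using Google.Apis.Auth.OAuth2.Flows;
using Google.Apis.Auth.OAuth2.Responses;
using Google.Apis.Gmail.v1;
using Google.Apis.Services;

static class GymReminderJob
{
    static readonly string[] Scopes = { GmailService.Scope.GmailReadonly };
    // One-time step on a machine with a browser: the consent window opens
    // and the resulting credential carries the long-lived refresh token.
    public static async Task<string> ObtainRefreshTokenLocallyAsync(ClientSecrets secrets)
    {
        var cred = await GoogleWebAuthorizationBroker.AuthorizeAsync(
            secrets, Scopes, "user", CancellationToken.None);
        return cred.Token.RefreshToken; // put this in the WebJob's app settings
    }

    // Rebuilds a credential from the stored refresh token with no browser,
    // which is what a headless WebJob needs.
    public static UserCredential CredentialFromRefreshToken(ClientSecrets secrets, string refreshToken)
    {
        var flow = new GoogleAuthorizationCodeFlow(
            new GoogleAuthorizationCodeFlow.Initializer { ClientSecrets = secrets, Scopes = Scopes });
        return new UserCredential(flow, "user", new TokenResponse { RefreshToken = refreshToken });
    }

    public static async Task Main()
    {
        // Secrets come from app settings (environment variables in a WebJob), not from source.
        var secrets = new ClientSecrets {
            ClientId = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_ID"),
            ClientSecret = Environment.GetEnvironmentVariable("GOOGLE_CLIENT_SECRET") };
        var credential = CredentialFromRefreshToken(
            secrets, Environment.GetEnvironmentVariable("GOOGLE_REFRESH_TOKEN"));
        // Fail early if the refresh token was revoked, before touching the mailbox.
        if (!await credential.RefreshTokenAsync(CancellationToken.None))
            throw new InvalidOperationException("Refresh token rejected; re-run the local consent step.");
        var gmail = new GmailService(new BaseClientService.Initializer
            { HttpClientInitializer = credential, ApplicationName = "gym-reminder-webjob" });
        var list = gmail.Users.Messages.List("me");
        list.Q = "from:bookings@example-gym.test newer_than:1d"; // placeholder gym sender
        var result = await list.ExecuteAsync();
        Console.WriteLine($"{result.Messages?.Count ?? 0} booking confirmation(s) found.");
    }
}
```

A revoked or rotated refresh token surfaces as the exception at startup rather than as a failed Gmail call halfway through the job.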

Adding Authentication to UWP apps with Azure Mobile App as backend

I am working on UWP app which requires users to login using social identity providers like Microsoft, Google etc.
I have followed the quickstart guide here which describes how the authentication can be added.
In the UWP Quickstart app the installed version of Microsoft.Azure.Mobile.Client is 3.1.0. If I upgrade this to the latest version, i.e. 4.0.0, an error is thrown on the line LoginAsync(MobileServiceAuthenticationProvider.MicrosoftAccount) saying that LoginAsync has no overloaded method that takes 1 argument. To resolve this I added a SingleSignOn parameter to the method, which is a boolean:
    var user = await App.MobileService.LoginAsync(MobileServiceAuthenticationProvider.MicrosoftAccount, true);
When I run the application the Microsoft login popup is shown successfully; however, when the user logs in, the popup does not go away and control never returns to the app. Following is the screenshot:
If I close the popup manually then an exception is thrown:
Authentication was cancelled by the user
So is this a Microsoft.Azure.Mobile.Client NuGet package version issue, or am I missing something here?
Any help would be much appreciated.
OK, I'll answer your question now, because I was able to solve it just a couple of seconds ago.
So you are using UWP; I'm using Template 10 and I've been able to make it work on both. First of all, update to v4.0.0 or v4.0.1. According to what I found out, this was because Google authentication stopped allowing web views for authentication, and the concern for the Azure-Mobile-Net-Client team was that all OAuth providers would adopt that behavior in the future, based on an article that you can find here if you are interested:
Modernizing OAuth interactions in Native Apps for Better Usability and Security
After this being said, we are in the middle of a big change here, so in order to make it work you need to set your Mobile App service to allow external redirects using url_scheme_of_your_app as shown in the Microsoft documentation tutorial.
So the steps are the following:
1.- Go to the Azure Portal
2.- Go to your Mobile App Service
3.- Choose Authentication/Authorization
4.- At Allowed External Redirect URLs write this: {urischeme}://easyauth.callback
(meaning that urischeme must be an alphanumeric word beginning with a letter).
5.- Save changes.
Now after you have done that, you have to work on your client.
If you are using UWP, follow this tutorial:
Add Authentication to your UWP.
And that should be enough. If you are using Template 10, all you have to do is use this code in the OnStartAsync method:
    if (startKind == StartKind.Activate)
    {
        // The browser re-activated the app through the URI scheme; hand the
        // callback URL back to the client so the pending login can complete.
        ProtocolActivatedEventArgs protocolArgs = args as ProtocolActivatedEventArgs;
        if (protocolArgs != null)
        {
            cloudService.ResumeWithUrl(protocolArgs.Uri);
        }
    }
You save tons of code compared to the tutorial, because there you have to write code in the OnNavigatedTo() method and in the OnActivated() method in App.xaml.cs.
That's for the architecture in UWP; Template 10 acts like a wrapper of the Application class and simplifies its usage.
Hopefully this helps you. Also, you will notice that when you first sign in to your app using the urischeme, it opens your default browser, and it stays open after you have successfully logged in.
Also, the singlesignon overload method doesn't work at all yet; they are still working on those issues.
Hopefully my answer helps you!!!
I just wanted to add my solution for Xamarin.Forms on UWP, which should actually be the same, as we are doing the redirecting and login at the native level. I followed this article https://learn.microsoft.com/en-us/azure/app-service-mobile/app-service-mobile-xamarin-forms-get-started-users
but there was something confusing about the "url scheme of your app" part when you define the return URL.
Basically you define the return URL in 4 places, and they sound the same but they are different:
1) You define it on the Facebook developer page. It should (use https) be https://myapi.azurewebsites.net//easyauth.callback
2) On the Azure portal for allowed external redirect URLs,
add these 2 here: https://myapi.azurewebsites.net//easyauth.callback, myapp//easyauth.callback
3) UWP package manifest - declaration. Add myapp as the name.
4) Login call to Azure Mobile Services: Client.LoginAsync(provider, "myapp");
So basically myapp (this is the name you choose) should be available in the Azure portal and the same name used in your UWP project. Otherwise, even if login is successful, you end up with this screen instead of being redirected back to the app.
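The UWP side of the two answers above (the LoginAsync call with the URI scheme and the App.xaml.cs OnActivated handler that resumes the login), as an added example that is not code from either answer or from the Microsoft tutorial. It assumes Microsoft.Azure.Mobile.Client 4.0.x, a Package.appxmanifest protocol declaration named myapp, and a placeholder backend URL; the scheme and host check is an addition so that only the expected easyauth callback is passed to the pending login.

```csharp
using System;
using System.Threading.Tasks;
using Windows.ApplicationModel.Activation;
using Windows.UI.Xaml;
using Microsoft.WindowsAzure.MobileServices;

sealed partial class App : Application
{
    // Must match the manifest <uap:Protocol Name="..."/> declaration and the
    // "{urischeme}://easyauth.callback" entry under Allowed External Redirect URLs.
    private const string UriScheme = "myapp";
    private const string CallbackHost = "easyauth.callback";

    // Placeholder backend URL (assumed, not from the thread).
    public static MobileServiceClient MobileService =
        new MobileServiceClient("https://myapi.azurewebsites.net");

    // Opens the system browser; the Task completes only after the app
    // is re-activated through the protocol handled in OnActivated.
    public static Task<MobileServiceUser> SignInAsync()
    {
        return MobileService.LoginAsync(
            MobileServiceAuthenticationProvider.MicrosoftAccount, UriScheme);
    }

    // Accept only our own scheme and the easyauth host, so that some other
    // protocol activation cannot be fed into the pending login.
    public static bool IsEasyAuthCallback(Uri uri)
    {
        return uri != null
            && string.Equals(uri.Scheme, UriScheme, StringComparison.OrdinalIgnoreCase)
            && string.Equals(uri.Host, CallbackHost, StringComparison.OrdinalIgnoreCase);
    }

    protected override void OnActivated(IActivatedEventArgs args)
    {
        if (args.Kind == ActivationKind.Protocol)
        {
            var protocolArgs = (ProtocolActivatedEventArgs)args;
            if (IsEasyAuthCallback(protocolArgs.Uri))
            {
                // Hands the callback URL (with the auth code in it) to LoginAsync.
                MobileService.ResumeWithURL(protocolArgs.Uri);
            }
        }
        base.OnActivated(args);
    }
}
```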

Is there any way to access the generated token value for web chat from inside the bot framework code?

According to this URL http://docs.botframework.com/connector/embed-chat-control/
we generate a token value which is used to generate the iframe embed URL.
I want to be able to access this token value from the corresponding bot.
If I can't access it directly, is there any way I can compute it inside the bot framework code?
If my understanding is right, you want to check whether your bot is working via embed chat through the bot itself rather than creating a new website and embedding it there.
I've embedded the widget in the default.htm file of my project, and if the project is deployed on Azure, you can test that it's working.
Just code like this....
<div><iframe src="https://webchat.botframework.com/embed/MySimpleBotPlan?s=JXYDmEp8p7E.cwA.y6E.amTHXt9V7FN88DOagU7ST39iVBUKAEBcfQdaJgUbCt8" style="height: 502px; max-height: 502px;"></iframe></div>
Please find the sample code here.
The test might fail if you try the same code, as I've stopped the Azure services running, but you can try the sample code by deploying it on your Azure account.
This is another example which might be helpful too.
Please refer to this documentation for the step-by-step tutorial.
Regards,
-Jyo
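The token-based embed the question refers to, as an added example that is not part of the answer above: the bot's web server exchanges the secret for a short-lived token and emits an iframe with t=<token>, so the long-lived secret (the s= value in the answer's iframe) never reaches the browser. It assumes the token endpoint described in the embed-chat-control documentation (GET https://webchat.botframework.com/api/tokens with an "Authorization: BotConnector <secret>" header) and that the body is the token string; bot id and secret are placeholders supplied by the caller.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

static class WebChatEmbed
{
    static readonly HttpClient Http = new HttpClient();

    // Runs on the bot's web server; the secret comes from configuration, not from the page.
    public static async Task<string> GetWebChatTokenAsync(string botSecret)
    {
        // Assumed endpoint and header scheme, as documented for the embed chat control.
        using (var request = new HttpRequestMessage(HttpMethod.Get,
            "https://webchat.botframework.com/api/tokens"))
        {
            request.Headers.Authorization = new AuthenticationHeaderValue("BotConnector", botSecret);
            using (var response = await Http.SendAsync(request))
            {
                response.EnsureSuccessStatusCode();
                // The body is the token; strip surrounding quotes in case it is returned as a JSON string.
                return (await response.Content.ReadAsStringAsync()).Trim().Trim('"');
            }
        }
    }

    // Builds the iframe with t=<token> instead of s=<secret>: the token expires,
    // the secret does not, so only the token is safe to send to browsers.
    public static string BuildEmbedHtml(string botId, string token)
    {
        string src = "https://webchat.botframework.com/embed/"
            + Uri.EscapeDataString(botId) + "?t=" + Uri.EscapeDataString(token);
        return "<div><iframe src=\"" + src + "\" style=\"height: 502px; max-height: 502px;\"></iframe></div>";
    }
}
```

Call GetWebChatTokenAsync when rendering default.htm and inject the result with BuildEmbedHtml; if the secret is ever rotated, only the server-side configuration changes.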

The client application has requested access to resource 'https://outlook.office365.com'. This request has failed

I am trying to test the sample code from the Office 365 API. I can log in to my account, but after that I always get this exception:
AuthenticationFailedException was caught
AADSTS65005: The client application has requested access to resource 'https://outlook.office365.com'. This request has failed because the client has not specified this resource in its requiredResourceAccess list.
Trace ID: 7a39b0bd-1738-418f-984a-feffae5b5d9b
Correlation ID: 16da7c7f-9f0c-468f-a560-a51b1ac9b3bf
Timestamp: 2014-07-09 07:36:34Z
This is the code that I have been testing; this code is generated by the API.
    // Generated by the Office 365 API Tools: acquires a token for the Exchange Online resource
    Authenticator authenticator = new Authenticator();
    var authInfo = await authenticator.AuthenticateAsync("https://outlook.office365.com");
Please help me or point out what I'm doing wrong. This is my first time developing for Office 365; please help, and thank you.
I just came across your question having run into the same error, so since nobody ever answered I figured I would post the answer I found. This error is related to the permissions set to be requested on the app in the Azure dashboard at https://manage.windowsazure.com.
If you go into your app configuration page and scroll to the bottom, you just need to add the corresponding items under the delegated permissions dropdown.
I got the same error. This is what fixed it for me:
Go to https://manage.windowsazure.com
Go to the corresponding app configuration page.
Scroll to the bottom to "permissions to other applications".
Add "Windows Azure Active Directory" application if it is not already there.
Under delegated permissions check "Enabled Sign-on and read user's profiles"
The consent framework associated with requesting authorization requires that your client application is configured with a static set of permissions to the resources (APIs) that it will call. For example, if your app needs to read the signed in user's mail and read and write to their calendar, you need to select Office 365 Exchange Online as a resource and pick the Read mail and Read and write calendar permissions.
This app configuration can be done in a couple of ways. One way is through your dev environment, like Visual Studio: VS2013 and up have a connector that allows you to register a client app and configure its access to O365 cloud resources. Another way is through the Azure Management Portal (under the AD extension, find your application, click on the configure tab, and configure access through the "permissions to other applications" section).
I recommend that you look through https://msdn.microsoft.com/en-us/office/office365/howto/common-app-authentication-tasks and the following sections, which show how to register apps through the Azure Management Portal and through Visual Studio. Also, which sample are you trying here? The sample should contain instructions, including the instructions to set the resource and permission scopes your application needs.
