question

SharmaAyushNokiaINGurgaon-5163 avatar image
0 Votes"
SharmaAyushNokiaINGurgaon-5163 asked soumi-MSFT edited

Azure Ad redirect Auth on FrontEnd via API

If a frontend[Android App] hit a web API[spring boot] for sign in request and that request it invokes the Azure AD auth controller on that API which open the redirect url on browser for login, how to redirect/open a credential page on the front end [Mobile App] for login in response of this request.

azure-active-directoryazure-ad-authentication
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

soumi-MSFT avatar image
0 Votes"
soumi-MSFT answered soumi-MSFT edited

@SharmaAyushNokiaINGurgaon-5163, Ideal process is that:


First, a search is initiated in the internal application cache to check if there is an existing token (refresh-token) available that can be used. If its present, the MSAL4J goes ahead with that old token and silently gets a new token (access-token).


If an old token is not found (in case of a fresh login by the user), MSAL4J goes ahead with the interactive login step where it provides a pop-up/redirect with the https://login.microsoftonline.com/common/oauth2/v2.0/authorize? endpoint which is responsible for asking the user to interactively enter the username and password.


You can refer to the following doc and the sample for better understanding: https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-v2-java-webapp


You can check the following docs for more information:


https://github.com/Azure-Samples/ms-identity-java-webapp/tree/master/spring-security-web-app


https://github.com/AzureAD/azure-activedirectory-library-for-java/wiki


Details for MSAL4J: https://github.com/AzureAD/microsoft-authentication-library-for-java


Hope this helps.


Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as Answer; if the above response helped in answering your query.


· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the information, I have tied this with my java web app and get auth via web browser already. My ask is your point number 2. [Is this step is possible for the same request the page[endpoint] could open on an android application asking the user to interactively enter the username and password ]

Simply what I want to achieve is: Androind app hits my local api for singin and that sign in controller would get the endpoint which will pe popup on a browser tab. I want to do this in the response of my intial request at android app side. like cors.

0 Votes 0 ·
soumi-MSFT avatar image soumi-MSFT SharmaAyushNokiaINGurgaon-5163 ·

@SharmaAyushNokiaINGurgaon-5163 , Not good with Android though, but just suggestion, have you got a chance to check the steps mentioned here: https://docs.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-android


This sample does call Microsoft Graph API from an Android Native app. The sample code resides here: https://github.com/Azure-Samples/ms-identity-android-java/


0 Votes 0 ·