How to enable apps to connect for online providers (Windows Store apps using JavaScript and HTML)

This topic explains what online identity providers must do to enable Windows Store apps to authenticate by using Web authentication broker. For more information about Web authentication broker, see Web authentication broker for online providers and Web authentication broker (Windows Store apps).

What you need to know



  • You should be familiar with JavaScript.


Customize your authentication web pages for Windows Store apps

Web authentication broker provides special metadata tags that allow you to easily customize your authentication web to display your personality and brand in the Web authentication broker UI. For information about how to customize web pages for Web authentication broker, see Customizing web authentication pages.

To enable single sign-on (SSO), allow "ms-app" scheme to be registered by the app as its redirect URI.

By default, Web authentication broker does not allow SSO.

To enable SSO, you must allow apps to register a callback URI in the form ms-app://appSID, where appSID is the SID for the app. For information about how SSO works in Web authentication broker, see How web authentication broker single sign-on works.

At run time, allow the app to use a redirect URI only if it has been registered.

If the URI hasn't been registered, don't allow the redirection. For example, in the OAuth 2.0 protocol, the value of the redirect_uri parameter must be within the set of URIs registered by the app.

Developing Windows Store apps

Web authentication broker sample

Web authentication broker (Windows Store apps)

Web authentication broker for online providers

Troubleshooting Web authentication broker




Build date: 7/26/2013