It would be nice.

I've not delved into Xamarin.Auth yet, but it looks like it does a very similar type of thing?

It has the concept of authentication providers though. Would it be a nice idea / possible to write an Adal provider for xamarin auth? - just putting it out there

Can this be used to generate a refresh token for a native app e.g Xamarin Forms

Firstly - thanks for cross platform! :)

I had a go with getting this working with my android app, but the ReturnUri presents a problem.

So, when the user first loggs in, they are sent off to enter their credentials and that works fine. However because I do not know what ReturnUri to use on android, i'm just using: "http://www.someurl.com" - and becuase of this, as soon as the user logs in, they then get redirected of to this URL - which breaks the flow (because it's obviously not valid) - as a big error comes up on the sign in page.

I know on windows store apps you can use WebAuthenticationBroker to get the return url for the current app. What's the way to do this on Android? is there one? Is there a way to not pass a returnurl for android? (but then I am not sure how the saml token is obtained after the user submits their credentials)

Hopefully I am making sense, and hopefully i'm just misunderstanding something simple?

Cheers

Thanks for this sample.

Followed the guide and create app in Azure with Client ID and set Permissions.

However, after login, I don't a consent page asking for permissions, but instead get an error:

AADSTS65001: The user or administrator has not consented to use the application with ID '***'.  
              Send an interactive authorization request for this user and resource.\r\n

Don't know what to do, also set all possible permissions in the Azure portal to be sure not missing a privilege, see screenshot, but still no luck, same error message.

Using Microsoft.IdentityModel.Clients.ActiveDirectory 3.9.302261508-alpha\

I want to be able to log out to change user.

How can this be done?

In the repo I can see there are AppCreationScripts https://github.com/Azure-Samples/active-directory-dotnet-native-multitarget/tree/master/AppCreationScripts.

I've used them and they correctly provisioned AAD and modified the application.

However the readme.md does not mention this at all.

I want to link all assemblies , but it does not work

I got this error:

The type initializer for 'Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext' threw an exception.

Is it any workaround or fix for this?

..\packages\Microsoft.IdentityModel.Clients.ActiveDirectory.3.19.2\lib\portable-net45+win\Microsoft.IdentityModel.Clients.ActiveDirectory.Platform.dll

There is not such platform moniker as "portable-net45+win"

authResult = await authContext.AcquireTokenAsync(graphResourceUri, clientId, returnUri, parent);

Stack Trace
" at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.VerifyAuthorizationResult()\r\n at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenInteractiveHandler.d__10.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.ValidateEnd(Task task)\r\n at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.Flows.AcquireTokenHandlerBase.d__57.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.d__39.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext.d__28.MoveNext()\r\n--- End of stack trace from previous location where exception was thrown ---\r\n at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)\r\n at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()\r\n at DirectorySearcherLib.DirectorySearcher.d__5.MoveNext()"

Is this related to: AzureAD/azure-activedirectory-library-for-dotnet#684

Following the description as provided. I created a App from using my credentials from an Office 365 E3 Tennant with users on manage.windowsazure.com created an Application under the WAAD there, copied the Client ID and used a real URI from a AzureWebsite i created for this sample. I got "Operation Not Supported" after just changing the Redirect URI and Client Id in the PCL class as directed.

If I perform the optional steps and register the app in my own AAD tenant and change the returnUri and clientId, everything works. But if I restore the returnUri and clientId to their original values which according to the documentation will still work because it is configured to work with all tenants, it doesn't work. After I enter my password, I get:

AADSTS50011: The reply url specified in the request does not match the reply urls configured for the application: '8313f713-eaf3-499c-ac75-516592f38d5f'.

I assume that the developers of this sample registered this application in their own AAD tenant and was assigned appId = 8313f713-eaf3-499c-ac75-516592f38d5f. I assume they specified returnUri of "https://MyDirectorySearcherApp" since that is what is in the sample code as checked in. I also assume that registering this app in their own AAD tenant somehow makes it work for all tenants?? Perhaps that is what availableToOtherTenants = true means??

So if this is supposed to work for all tenants, why am I getting a bad repy url message?

Anyone else encounter this problem? How should I got about fixing it ...

Steps to reproduce:

1. Download/Clone project
2. Load into Visual Studio
3. Download missing packages via NuGet
4. Receive error
5. Clicking restore results in same problem occuring
   

(Searching for this specific package via Nuget also shows that it does not exist ...)

It's pretty schiesty.

https://github.com/AzureAD/azure-activedirectory-library-for-dotnet/wiki/iOS-Keychain-Access followed these instructions to rectify issue but after adding Entitlements.plist to custom entitlements, i now get could not find any provisioning profiles for iOS error?

When it makes sense (shared token cache db)

I am trying to use adal authentication in a Xamarin.Forms app, but the library has changed and i cannot make the authentication work.
The latest example i could find is this: active-directory-dotnet-native-multitarget but is not compatible with the latest version of adal.
I cannot use AcquireTokenAsync , How can i use it ? Can you give me an example?

We have any method that returns AccessToken using "Scope" instead of "resource" if no then how can I find resource URL for ADFS 3.0 OpenId connection.

Hi there,

I'm using this sample, but had an issue with restoring the Nuget packages for ADAL. Since the sample is supposed to be for a very recent Alpha version of ADAL I installed the newest Alpha package I could find (3.3.206061641-alpha) which may be the source of my troubles. I've configured my Azure AD with a new native app that I'm using to execute this sample.

When I run the iOS sample, everything goes through as expected -> I enter a user name to search for , I get prompted to login, redirected to my company's login page, permissions are requested and granted and I see the results. When I run the Android sample, I enter the user name to search for, get prompted to login, redirected to my company's login page and then encounter this exception after entering my password:

AADSTS90014: The request body must contain the following parameter: "client_secret or client_assertion".

I'm not sure what to do to t-shoot this problem. I found some documentation here:

https://github.com/AzureAD/azure-activedirectory-library-for-android

that suggests I need to add the following permissions to the Android manifest: ACCESS_NETWORK_STATE, INTERNET, GET_ACCOUNTS, USE_CREDENTIALS, and MANAGE_ACCOUNTS which I have added.

From what I can see this all looks correct, which likely just means I've skipped some blindingly obvious step. Thoughts on how I can approach troubleshooting this?

How do you deal with screen orientation issue on Android when user tries to sign in using ADAL ((Microsoft.IdentityModel.Clients.ActiveDirectory))? What I see is following:

1. In my app user taps on Login on Android
2. User is prompted to enter user email on Microsoft sing in page
3. User enters email and hits Next
4. User is prompted to provide password
5. User rotates device some time during entering the password but before tapping on Sign In button

PROBLEM: If user now rotates Android device, he is returned back to step 2 and the already provided user email is lost. Rotating device should not return back but just continue where user left off.