10

Might seem a silly question, but Microsoft's documentation isn't very beginner friendly, I think. It uses as examples "http://localhost:31544" for the sign-on url and "http://MyFirstAADApp" for the redirect URI, but although I understand what a local host is I can't figure out what exactly the numbers on it are and how I define them for my application, and absolutely zero clue of what the redirect URI is supposed to do for a native application and how should I define a URI for my own.

To be more clear on what kind of app I'm trying to add, I merely want to access the Office 365 management API tools and get some data from it, so I imagine a native app would fulfill my needs for now. Registering the app on Azure AD is required to do so according to Microsoft's documentation.

So expanding on the title, how to define a URI for my native app is what I would mainly like to know. Some further clarification on what exactly is the purpose of this URI as well as to how to use and/or define a localhost URL for a Web app would also be much appreciated.

Janilson
  • Take a look at: https://stackoverflow.com/questions/46682708/azure-app-registrations-sign-on-url – Simon W Mar 14 '18 at 02:03
  • 1
    The answers on that link are imo pretty poor. They either say "do this" or "do that" without saying why I should be doing such a thing, or just link and copy+paste the Microsoft docs, which is the first place any person would look at before coming here to ask such a question. I don't want to take other people's help for granted but I came here to try to gain a better understanding of these things. If I wanted to simply copy+paste there are plenty of examples around the internet I could use – Janilson Mar 14 '18 at 02:44

4 Answers

8

I know this is ancient, but I don't see a satisfying answer here, and maybe someone will come across this and find it useful. To answer the question asked, unless you're going to work outside of the default MSAL handling of the server responses, and I don't expect you would from your description, I'd just go ahead and use the default: https://login.microsoftonline.com/common/oauth2/nativeclient

When you go into the Azure AD portal, go to your application and, from the Overview, select the "Set RedirectURL" option, you'll add a platform and select the "Mobile and Desktop Applications" and you'll be provided with the choice of 3 URLs to choose from. My understanding is this is just there for custom handling of authorization tokens and is telling MS where to send those tokens. The MSAL library functions seem to use this link as well, so they're probably handling this in the backend.

I agree with the OP though, the MS docs are severely lacking for newcomers and I wasn't able to find an end-to-end description of what needs to happen to get, in my case, a desktop application to send email through Office365 using 2FA. I would forge ahead as best I could until I hit the next error, then explore that, sort it, then slam into the next one. Rinse and repeat. This was made extra tedious as I had to go through a 3rd party IT group to get the 2FA access codes every time I wanted to test.

Best of luck, hope this helps someone!

Jim Read
3

how to define a URI for my native app is what I would mainly like to know.

You should provide a Redirect URI that is unique to your application as it will return to this URI when authentication is complete.

In your application, you will need to add class-level variables that are required for the authentication flow, including ClientId and Redirect URI.

Here is the diagram:

[diagram image not preserved]

The native application makes a request to the authorization endpoint in Azure AD; this request includes the Application IP, Redirect URI and application ID URI for the web API.

After the user signs in, Azure AD issues an authorization code response back to the client application's redirect URI. After that, the client application stops browser interaction and extracts the authorization code from the response.

Then the client app uses this code to send a request to Azure AD's token endpoint. Upon successful validation, Azure AD returns two tokens.

Over HTTPS, the client app uses the returned JWT access token to add the JWT string with a “Bearer” designation in the Authorization header of the request to the web API. The web API then validates the JWT token, and if validation is successful, returns the desired resource.

For more information about it, please refer to this article.

Jason Ye
  • Does this work for you? please let me know if you need more help:) – Jason Ye Mar 15 '18 at 00:42
  • If you need more help, please let me know. Also if it helps, please don't forget to accept it as an answer so that other community members will be benefited, thanks:) – Jason Ye Mar 16 '18 at 01:23
  • 2
    This doesn't answer the question. The core of the question is "how do I work out what my Native Apps redirect URI is?" – robomc Feb 04 '19 at 23:58
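The browser step of the flow described in the answer above, as an added example (not code from the original posts, from MSAL or from Microsoft): it builds the authorization request carrying the redirect URI, then validates the response that comes back to that URI before extracting the code. The function names, the all-zero client ID and the scope are placeholders, the v2.0 authorize endpoint is assumed, and the `state` and PKCE parameters go beyond what the answer describes.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize"  # assumed endpoint


def build_auth_request(tenant, client_id, redirect_uri, scope):
    """Return (url, state, code_verifier) for the browser step of the flow."""
    state = secrets.token_urlsafe(16)       # ties the response to this request
    verifier = secrets.token_urlsafe(48)    # PKCE secret, never leaves the app
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    query = urlencode({
        "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri, "scope": scope, "state": state,
        "code_challenge": challenge, "code_challenge_method": "S256",
    })
    return AUTHORIZE.format(tenant=tenant) + "?" + query, state, verifier


def _endpoint(uri):
    """Scheme, host, port and path of a URI; an empty path counts as '/'."""
    u = urlsplit(uri)
    return (u.scheme, u.hostname, u.port, u.path or "/")


def extract_code(callback_url, redirect_uri, expected_state):
    """Validate the redirect the browser delivered; return the authorization code."""
    if _endpoint(callback_url) != _endpoint(redirect_uri):
        raise ValueError("callback did not arrive at the registered redirect URI")
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in params:
        raise ValueError("no authorization code in the response")
    return params["code"][0]


if __name__ == "__main__":
    redirect = "http://localhost:31544"  # example from the question; 31544 is a TCP port
    url, state, verifier = build_auth_request(
        "common", "00000000-0000-0000-0000-000000000000", redirect, "openid offline_access")
    # Constructed callback standing in for the browser redirect after sign-in.
    print(extract_code(redirect + "/?code=SAMPLE_CODE&state=" + state, redirect, state))
```

The returned verifier is what the app later sends as `code_verifier` in the token request, so an authorization code captured by another local process cannot be redeemed without it.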
0

For native you can set redirect to be equal to the Application ID URI, which now defaults to look like //app:{ApplicationId}

Bon
0

The redirect URI should start with an SSL URL, so select your project, enable SSL URL and use this auto-generated SSL URL (for example: https://localhost:port#) as the redirect URI; the same is to be updated in the Azure app registration as additional redirect URIs.