Getting your app started with Azure Active Directory v2 endpoint

You can add single sign-on to your application with just a few lines of code. A new wizard in the Azure Active Directory documentation makes that easier than ever, and the new Azure AD v2.0 endpoint simplifies the code your app needs so that users can log in with either their Microsoft account or their work or school account.

Apps can now accept sign-in from both Microsoft accounts and Azure AD accounts, using a single auth endpoint.

The new Azure Active Directory (Azure AD) v2.0 endpoint supports authentication for a variety of modern app architectures, all of them based on the industry-standard protocols OAuth 2.0 and OpenID Connect.

Apps that use the v2.0 endpoint can also consume REST APIs from Microsoft Graph with either type of account, which means your app can learn about its users through a single endpoint. Use Microsoft Graph to build apps for organizations and consumers that connect to a wealth of resources, relationships, and intelligence.

OAuth 2.0 or OpenID Connect

OAuth 2.0 defines mechanisms to obtain and use access tokens to access protected resources, but it does not define a standard way to convey identity information. An access token proves that your app was authorized to call an API; on its own it does not tell you who the user is.

OpenID Connect implements authentication as an extension of the OAuth 2.0 authorization process: in addition to the access token, your app receives an id_token, a signed JWT carrying claims about the signed-in user, which the app validates (signature, issuer, audience, expiry, and the nonce it sent) before trusting it.

You'll use OpenID Connect for most of your applications, and it's baked into the libraries.

Scenarios

Azure Active Directory (Azure AD) simplifies authentication by providing identity as a service, with support for industry-standard protocols such as OAuth 2.0 and OpenID Connect.

These are the application scenarios supported by the Azure AD v2.0 endpoint. Your app will probably fall into one of these categories:

So when should you stick to the v1 endpoint? Here’s Microsoft’s simplified recommendation for developers at this point in time:

  • If you must support personal Microsoft accounts in your application, use the v2.0 endpoint. But before you do, be sure that you understand the limitations that we discuss in this article.
  • If your application only needs to support Microsoft work and school accounts, don’t use the v2.0 endpoint. Instead, refer to our Azure AD developer guide.

In the case of an application I'm currently writing, I want to let the user sign in in a variety of ways. I want to take that token and call another service (on my same site) that will call another service to act on my behalf. For that final service to do work, it needs to authenticate my credentials so it can act on behalf of me. I can pass from my app's initial sign-in all the way through.

The Steps

So let’s get started.

You'll want to use the Azure Active Directory v2.0 authentication libraries. There are libraries for .NET, Windows Store, Universal Windows apps, Xamarin, iOS, Android, JavaScript, and macOS. Source code for the libraries is available on GitHub.

You can get started in just a few steps and a few lines of code:

  1. Register the new app with Azure AD using the new app registration wizard. To register an app that works with the v2.0 endpoint, you must use the new app registration portal, apps.dev.microsoft.com. You use the same Application ID across your platforms, so your iOS app uses the same Application ID as your web app.
  2. Set up the app to use its authentication pipeline. You can use the code from the wizard, or one of the sample apps.
  3. Issue sign-in and sign-out requests to Azure AD.
  4. Display user information.

Other registration kits and tutorials cover iOS, Android, Windows Desktop, JavaScript single-page apps, .NET MVC, and Node.js.

Note: the APIs could still change, so you may have to update your app.

Resources

Azure Documentation: Sign in Microsoft Account and Azure AD users in a single app

Tutorials:

Online video: Enterprise Grade Sign in for Your Apps

Code samples for more complex scenarios: Azure Samples (search on “endpoint”)