jeroenheijmans/sample-angular-oauth2-oidc-with-auth-guards

Provide examples for connecting to Azure clients

displague opened this issue · 5 comments

Users in Microsoft environments can create clients at https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade.

Configuring this example to work with this client is somewhat complicated and an example would help many users.

The issuer URL would be: issuer: 'https://login.microsoftonline.com/{tenant_id}/v2.0'

Response type would be: (I don't know, perhaps this?) responseType: 'code id_token token',

What would clientId be?

How do you register the URLs and configure the proper flow?

https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Authentication/appId/{client_id}/isMSAApp/ has options for configuring implicit grant flow, https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow?WT.mc_id=Portal-Microsoft_AAD_RegisteredApps:

To enable the implicit grant flow, select the tokens you would like to be issued by the authorization endpoint:

  • Access Tokens
  • ID Tokens

What Logout URL should be used?

Additionally, I received the following: "Every url in discovery document has to start with the issuer url.Also see property strictDiscoveryDocumentValidation." after https://login.microsoftonline.com/{token_id}/v2.0/.well-known/openid-configuration was fetched. Is it really invalid? It seems users will have to also set strictDiscoveryDocumentValidation: false.
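An added example (not the library's or this repository's code) that models the "every URL has to start with the issuer" rule behind the quoted error and shows a narrower check an application can run itself if it turns strictDiscoveryDocumentValidation off; the tenant id and document values are constructed to resemble the Azure AD v2.0 discovery document, not fetched from it.

```typescript
// Added example: models the prefix rule from the quoted error message and a
// host-pinned alternative an app can apply when strict validation is disabled.
interface DiscoveryDoc {
  issuer: string;
  authorization_endpoint: string;
  token_endpoint: string;
  jwks_uri: string;
  end_session_endpoint?: string;
}

// Constructed sample shaped like Azure AD's v2.0 document; the tenant id is a placeholder.
const TENANT = "00000000-0000-0000-0000-000000000000";
const ISSUER = `https://login.microsoftonline.com/${TENANT}/v2.0`;
const sampleAzureDoc: DiscoveryDoc = {
  issuer: ISSUER,
  authorization_endpoint: `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/authorize`,
  token_endpoint: `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/token`,
  jwks_uri: `https://login.microsoftonline.com/${TENANT}/discovery/v2.0/keys`,
  end_session_endpoint: `https://login.microsoftonline.com/${TENANT}/oauth2/v2.0/logout`,
};

function urlsOf(doc: DiscoveryDoc): string[] {
  return [doc.authorization_endpoint, doc.token_endpoint, doc.jwks_uri, doc.end_session_endpoint]
    .filter((u): u is string => typeof u === "string");
}

// Strict rule as the error message describes it: each endpoint must be prefixed by the
// issuer URL. Azure's endpoints live under /oauth2/v2.0/ and /discovery/v2.0/, not
// under /v2.0/, so every one of them is reported here.
function strictUrlsStartWithIssuer(doc: DiscoveryDoc, issuer: string): string[] {
  return urlsOf(doc).filter((u) => !u.startsWith(issuer)); // offending URLs
}

// Narrower replacement check: the issuer claim must match exactly and every endpoint
// must be https on an allowlisted host, so a swapped document cannot send the browser
// (and its tokens) to a host the app never expected.
function relaxedButPinned(doc: DiscoveryDoc, issuer: string, allowedHosts: string[]): string[] {
  const problems: string[] = [];
  if (doc.issuer !== issuer) problems.push(`issuer mismatch: ${doc.issuer}`);
  for (const u of urlsOf(doc)) {
    const parsed = new URL(u);
    if (parsed.protocol !== "https:" || !allowedHosts.includes(parsed.host)) problems.push(u);
  }
  return problems;
}
```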

Hey! I understand and appreciate the feature request. I guess we could have a whole bunch of these feature requests for all the various IDS solutions out there (IdentityServer4, KeyCloak, Auth0, Spotify, Google, Facebook, Azure, etc).

There also lies my problem: I'm not sure if this added scope is something that'll benefit this repository in the long run. Adding examples (either in code or documentation) will also incur future costs of keeping them up to date, something I'm not sure I can commit to.

Hope that kind of makes sense?

What I think we can do is add a section to the readme with links to various other tutorials and possibly forks of this repository that show another IDS solution. That way people will see the clear boundary (navigating to another repo or site) with ditto expectations.

If you'd be willing to create such a fork or tutorial for AAD I'd be happy to include a link to it.

I like that approach. I wasn't able to get this working so I'm not sure if I'll have an opportunity to dig deeper into solving the integration questions, and posting the tutorial content.

Do you have any experience with this Azure service? Perhaps we could figure this out in a quick call, I'm first initial + last name at equinix.com.

Hey! Sorry, but if you need to debug and fix your specific situation I'm afraid you'll need a colleague, friend, consultant, or some more own time to get it sorted. I'd prefer to invest my time on open source or own work, hope you understand!

Hey guys, I successfully made Azure AD B2C working with custom policies using this library. @jeroenheijmans I would be happy to provide a sample working with Azure AD B2C as of what I did and how.

Hi @mathieu2em! A sample could be super helpful to people. However, I'm gonna keep this repository with just one specific IDS backend, or I'd be afraid it loses its main purpose.

The lib itself has some docs sections (e.g. for Auth0) specific to IDSes, you could propose it there? Alternatively you're welcome to fork my sample and tweak it to show support for your IDS too of course!