
Problem with Authentication #28

Closed
hihelloluigi opened this issue Feb 5, 2020 · 12 comments
@hihelloluigi

Hi :)
I'm new to Azure B2C. I followed the instructions on the web site (https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-tenant) on how to create an Azure B2C tenant. Now I want to implement it in my iOS and Android applications. I started with iOS and with this MSAL library. I followed the readme and I put my tenant fields in the example variables.

I have some doubts:

  • What do I have to insert in kGraphURI & kScopes if I haven't any backend REST API?
  • When I run the code the first log is:

Unable to create application Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=The required query schemes "msauthv2" and "msauthv3" are not registered in the app's info.plist file. Please add "msauthv2" and "msauthv3" into Info.plist under LSApplicationQueriesSchemes without any whitespaces., MSALInternalErrorCodeKey=-42001}

So I added LSApplicationQueriesSchemes.

  • After adding the previous info to Info.plist, the console shows:

%@ TID=2218501 MSAL 1.0.7 iOS Sim 13.3 [2020-02-05 17:40:28] Default app's access group: "Masked(not-null)". %@ TID=2218501 MSAL 1.0.7 iOS Sim 13.3 [2020-02-05 17:40:28] Using "Masked(not-null)" Team ID. %@ TID=2218501 MSAL 1.0.7 iOS Sim 13.3 [2020-02-05 17:40:28] Init MSIDKeychainTokenCache with keychainGroup: Masked(not-null)

Is that correct?

And finally, when I try to authorize, the app opens a web view with the correct page; I insert the credentials, but it returns NO token and this error:

Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken, MSALInternalErrorCodeKey=-42008, MSALCorrelationIDKey=0561E37D-1D5C-4B12-9862-6D9CC4798CB6}

But I think that is caused by some configuration errors.

PS: Is it possible to implement a custom native UI for signup, login, etc. without opening a web view? If the answer is YES, how can I find a tutorial or guide?

Thank you very much!!

@jennyf19
Contributor

jennyf19 commented Feb 6, 2020

@mo3bius I know for .NET, developers have to send us a scope value. I'm not sure for Obj-C, but @oldalton can answer that for us. If you don't care about configuring an API, then just use "user.read" as the scope value, I know this works for apps registered with AAD, but not sure for AAD B2C (@valnav do you know if this is the case?).

Because you're not sending in a scope, you're not getting an AccessToken back. In the AAD case, sending in user.read will get you an AT for graph. B2C is slightly different however.

@valnav

valnav commented Feb 6, 2020

B2C apps need the offline_access and openid scopes. In the new app registrations (preview), this is selected by default during the registration of the app. See highlighted in the image.
[image: appreg-b2c]

@hihelloluigi
Author

hihelloluigi commented Feb 7, 2020

user.read

I tried to insert let kScopes: [String] = ["user.read"] // This is a scope that you've configured your backend API to look for. but it shows me this error message:

Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=AADB2C90117:+The+scope+'user.read'+provided+in+the+request+is+not+supported. Correlation+ID:+1752abff-5f82-4683-b8c3-11f139a5fb06 Timestamp:+2020-02-07+16:47:46Z , MSALOAuthErrorKey=invalid_request, MSALInternalErrorCodeKey=-42002}

@hihelloluigi
Author

B2C apps need the offline_access and openid scopes. In the new app registrations (preview), this is selected by default during the registration of the app. See highlighted in the image.
[image: appreg-b2c]

I selected this flag on Azure but I don't understand what I have to insert in:
let kScopes: [String] = ["https://fabrikamb2c.onmicrosoft.com/helloapi/demo.read"] // This is a scope that you've configured your backend API to look for. in the Swift code.

Because at the moment I don't have any API to connect to (I just want a token back from B2C), and if I try to insert "user.read" or "opened" or "offline_access":

let kScopes: [String] = ["user.read"]
let kScopes: [String] = ["opened"]
let kScopes: [String] = ["offline_access"]

it gives me an error like I said in my previous response.

@agentsim

Were you able to figure out how to request the user.read scope? I'm having the same problem.

@oldalton
Contributor

oldalton commented Feb 15, 2020

Unfortunately we don't support cases where no access token is returned right now. I've filed a feature request for this here: AzureAD/microsoft-authentication-library-for-objc#852

  1. In the meantime, you can configure your own "dummy" Web API and a scope. Try the following:
Select your Web API registration (create one if needed) -> Go to “Published scopes” -> Add user.read scope -> Go to “API access” -> Select “Add” and select your “user.read” scope in the popup

Now go to “Properties” -> Check App ID URI

Copy App ID URI and append “user.read” to it

So if the App ID URI is “https://iosmsalb2c.onmicrosoft.com/test”, the scope would be “https://iosmsalb2c.onmicrosoft.com/test/user.read”

Pass the scope to MSAL
  2. Another thing you can do is pass the clientId that you're using to create MSALPublicClientApplication as your scope.
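Putting the steps above together as an added example (this is not code from the issue, the MSAL library, or the Azure sample): a minimal Swift sign-in against B2C that requests the "dummy" Web API scope, i.e. the App ID URI with "/user.read" appended, and then checks that an access token actually came back, which is the condition MSAL enforces in the -42008 error quoted in this thread. The App ID URI is the one from the comment above; the tenant name, user flow (policy) name, client id, and the msauth.<bundle id> redirect scheme are placeholders or assumptions, and the parameter classes used are from the MSAL for iOS 1.1+ API (the thread's 1.0.7 used an older webview-parameters initializer).

```swift
// Info.plist prerequisites, taken from the MSAL error message earlier in this issue:
//   LSApplicationQueriesSchemes -> "msauthv2", "msauthv3"
//   CFBundleURLTypes/CFBundleURLSchemes -> "msauth.<your bundle id>"  (assumption: matches the default redirect URI)
import UIKit
import MSAL

/// Registration values. Everything except appIdUri is a placeholder you must replace.
enum B2CConfig {
    static let tenantName = "iosmsalb2c"                                   // placeholder tenant
    static let clientId = "<your-client-id>"                               // placeholder
    static let userFlow = "B2C_1_signupsignin"                             // assumption: your user flow name
    static let appIdUri = "https://iosmsalb2c.onmicrosoft.com/test"        // App ID URI from the comment above
    /// The "dummy" Web API scope: App ID URI + "/user.read".
    /// A bare "user.read" is a Microsoft Graph scope and B2C rejects it (AADB2C90117, see above).
    static let scopes = ["\(appIdUri)/user.read"]
    static var authorityUrl: URL {
        URL(string: "https://\(tenantName).b2clogin.com/tfp/\(tenantName).onmicrosoft.com/\(userFlow)")!
    }
}

enum B2CSignInError: Error {
    case noAccessToken   // response came back but without the access token the scope should produce
}

final class B2CSignIn {
    private let application: MSALPublicClientApplication

    init() throws {
        let authority = try MSALB2CAuthority(url: B2CConfig.authorityUrl)
        let config = MSALPublicClientApplicationConfig(clientId: B2CConfig.clientId,
                                                       redirectUri: nil,      // nil = msauth.<bundleId>://auth
                                                       authority: authority)
        // B2C authorities are not discoverable through AAD metadata, so they must be listed explicitly.
        config.knownAuthorities = [authority]
        application = try MSALPublicClientApplication(configuration: config)
    }

    /// Interactive sign-in; the web view is presented on top of `viewController`.
    func signIn(from viewController: UIViewController,
                completion: @escaping (Result<MSALResult, Error>) -> Void) {
        let webParams = MSALWebviewParameters(authPresentationViewController: viewController)
        let params = MSALInteractiveTokenParameters(scopes: B2CConfig.scopes, webviewParameters: webParams)
        application.acquireToken(with: params) { result, error in
            completion(Self.check(result: result, error: error))
        }
    }

    /// Silent renewal for an account obtained from a previous interactive sign-in.
    func acquireTokenSilently(for account: MSALAccount,
                              completion: @escaping (Result<MSALResult, Error>) -> Void) {
        let params = MSALSilentTokenParameters(scopes: B2CConfig.scopes, account: account)
        application.acquireTokenSilent(with: params) { result, error in
            completion(Self.check(result: result, error: error))
        }
    }

    /// Normalises the MSAL callback: surface the error, or reject a result with an empty access token
    /// instead of treating it as a successful sign-in.
    private static func check(result: MSALResult?, error: Error?) -> Result<MSALResult, Error> {
        if let error = error { return .failure(error) }
        guard let result = result, !result.accessToken.isEmpty else {
            return .failure(B2CSignInError.noAccessToken)
        }
        return .success(result)
    }
}
```

The access token returned here is only meaningful to the dummy API you registered; the id token on the same MSALResult is what identifies the signed-in user, so a client with no backend should rely on result.account and result.idToken rather than forwarding the access token anywhere.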

@nguyenhuutinh

Yes, the guideline is very confusing to follow.
Some parameters should be made clearer.

@nguyenhuutinh

nguyenhuutinh commented Feb 15, 2020

and what should I fill for kGraphURI ? @oldalton

@oldalton
Contributor

If you are actually not calling any Web API from your client, feel free to ignore that section; you can also completely remove this function from your app: https://github.com/Azure-Samples/active-directory-b2c-ios-swift-native-msal/blob/master/MSALiOSB2C/ViewController.swift#L270. This sample is meant to show the client calling your own Web API on top of the initial sign-in.

@oldalton
Contributor

oldalton commented May 8, 2020

Closing this issue as stale. Please reopen if needed.

@mbondoso

@oldalton I already have a web app working with MSAL that currently returns an id_token;
I tried to replicate the same approach when developing for iOS, which is the same as you suggested above:
2. Another thing you can do is pass the clientId that you're using to create MSALPublicClientApplication as your scope.

But the error is still the same: "Could not acquire token: Error Domain=MSALErrorDomain Code=-50000 "(null)" UserInfo={MSALErrorDescriptionKey=Authentication response received without expected accessToken"

Can you give a little bit more input on this?

@oldalton
Contributor

@mbondoso, you'll need to create a "dummy" API like it is explained above.

Unfortunately we don't support cases where no access token is returned right now. I've filed a feature request for this here: AzureAD/microsoft-authentication-library-for-objc#852

  1. In the meantime, you can configure your own "dummy" Web API and a scope. Try the following:
Select your Web API registration (create one if needed) -> Go to “Published scopes” -> Add user.read scope -> Go to “API access” -> Select “Add” and select your “user.read” scope in the popup

Now go to “Properties” -> Check App ID URI

Copy App ID URI and append “user.read” to it

So if the App ID URI is “https://iosmsalb2c.onmicrosoft.com/test”, the scope would be “https://iosmsalb2c.onmicrosoft.com/test/user.read”

Pass the scope to MSAL
  2. Another thing you can do is pass the clientId that you're using to create MSALPublicClientApplication as your scope.
