I am integrating the Atlassian family: I want to log in via SSO through Crowd and then issue and control tokens for API authentication for each user. Is there any way to do this?
The approximate steps are as follows:
Attempt to log in to the integrated site
Crowd SSO Login
A specific user creates a Jira Project
Hook to Jira server with the creator's ID
I am creating an MS Teams messaging bot through the Developer Portal and just relying on the messaging endpoint of my bot to send/receive messages. I also need an OAuth flow for users to log in to my website and map that login to the MS Teams user.
Documentation:
https://learn.microsoft.com/en-us/microsoftteams/platform/bots/how-to/authentication/auth-flow-bot
I have some questions:
It looks like the 'start OAuth page' and 'callback OAuth page' both utilize MS Teams libraries/packages to call initialize() and microsoftTeams.authentication.notifySuccess("{{verificationCode}}"). Is there any REST API endpoint we can call to replicate this behavior or execute these flows? Or is there a Java equivalent if we don't want to do all this in JavaScript?
Can we host the 'start OAuth page' and 'callback OAuth page' in our servers (i.e. not on Azure or Microsoft resources but on our website domain like mywebsite.com/start_oauth and mywebsite.com/callback_oauth)? And if so, is there any documentation for this?
If yes to #2, is there any additional work to be done for hosting these pages in our servers?
Quick update on the answer. It looks like I can host these pages anywhere. The MS Teams OAuth flow opens a pop-up for sign-in in MS Teams, and as long as that pop-up can redirect to these pages, these libraries can be called/used regardless of where they are hosted.
When building a custom connector from PowerApps/Power Automate to the Project Server API, where can I find out what the OAuth settings should be? The settings include:
Identity Provider
Client id
Client secret
Login URL
Tenant ID
Resource URL
Scope
Redirect URL
I have full admin rights to SharePoint, Project Online, and Azure AD; I just don't know what those mean or where to find them, and an hour of googling has gotten me no closer to the answer. Can someone point me in the right direction?
You have to use OAuth 2.0, and for that you have to complete an "App registration" in Azure Active Directory (AAD). Once registered, you will get the necessary details: Application ID (Client id), Key (Client secret), URLs, etc.
Read more: Use Azure Active Directory with a custom connector in Power Automate
Since Project (assuming Microsoft Project) is authenticated through Active Directory for your org, you may also be able to use "basic authentication" in your Custom Connector.
If I'm not mistaken, PowerApps will handle the creation and passing of a Bearer Token for Microsoft apps such as Project.
It's worth a try, as sometimes the admins for AD are far away and creating an app ID as mentioned above is infeasible.
I'm trying to create an Amazon Alexa service that will take advantage of the Microsoft Graph... This is built with Node.js.
Currently, when using my standard Outlook.com Microsoft Account to sign in, I get redirected to a Microsoft page that says:
Microsoft account is unavailable
Microsoft account is unavailable from this site, so you can't sign in or sign up. The site may be experiencing a problem.
You can sign in or sign up at other Microsoft Sites and services, or try again later at this site.
I have been using https://login.microsoftonline.com/common/oauth2/v2.0/authorize as my authorization URL in the Alexa config account linking section, and I am using the Node Microsoft Graph JavaScript SDK library in my code.
I'm wondering if the Node library I'm using is the correct one? Has it been deprecated? Or is there something else going on here?
A common misunderstanding with Microsoft Graph is the separation of concerns between the API and Authentication.
You do not actually authenticate against Microsoft Graph. Instead you authenticate against the directory that holds your account: for organizational accounts this is Active Directory, and for consumer accounts this is Outlook.com.
Once you have authenticated, you use the token you received back to identify yourself when calling Microsoft Graph API.
This is where you (and many others) get tripped up at first. Just as there are two concerns (Auth & API), there are also two separate SDKs. For Node.js you're looking for:
Microsoft Authentication Library (MSAL): This handles authentication for both Azure AD and Microsoft Accounts.
npm install msal
Microsoft Graph JavaScript Client Library: This is the client library for Microsoft Graph. It will provide the objects and methods you need to simplify calling the APIs.
npm install @microsoft/microsoft-graph-client
This should give you the tools you need to get started. There are some things around App Registration, OAuth and Admin Consent that you'll likely run into as well. For these, you might find these helpful:
Microsoft v2 Endpoint Primer
v2 Endpoint and Implicit Grant
v2 Endpoint and Admin Consent
Hope this helps!
I am new to Microsoft Graph and the SharePoint Framework. I am currently developing an SPFx web part with Graph API integration.
I have registered the app in the https://apps.dev.microsoft.com portal and implemented AAD authentication through hello.js.
The first time browsing to the page, it redirects to Microsoft app login page and prompt for credentials.
Once authentication is successful it works fine, and from then on it does not prompt for credentials.
Is there any possibility of accessing the MS Graph API directly using the Application Id and Secret without prompting for login?
Yes, you will want to use the client credential flow to do this. You will only have access to organizational data (/me won't work for example, but /users will). There is an article on getting access here.
You will need to log in as an admin one time per application to authorize your app to use your tenant's data. You can do this at:
https://login.microsoftonline.com/{tenant}/adminconsent?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&state=12345
&redirect_uri=http://localhost/myapp/permissions
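The flow described in this answer, and the separation of authentication from the Graph API explained in the Alexa answer above, as an added example in Node.js (not code from either answer, nor from MSAL or the Graph client library): the one-time admin-consent URL is built with a random `state`, the app then authenticates as itself with the client-credentials grant against the directory's token endpoint, and only the resulting token is sent to Graph as a Bearer header. Tenant, client ID, secret and redirect URI are hypothetical; `fetchImpl` is injected so the exchange can be exercised against a fake transport.

```javascript
// Added example: app-only (client credentials) access to Microsoft Graph.
// Not from the original answers or Microsoft's SDKs; identifiers are hypothetical.
const GRAPH = "https://graph.microsoft.com/v1.0";

// One-time admin consent URL. `state` must be random and verified when the
// admin lands back on redirectUri, so a forged "consent granted" response
// cannot be injected by a third party.
function buildAdminConsentUrl({ tenant, clientId, redirectUri, state }) {
  const u = new URL(`https://login.microsoftonline.com/${encodeURIComponent(tenant)}/adminconsent`);
  u.searchParams.set("client_id", clientId);
  u.searchParams.set("state", state);
  u.searchParams.set("redirect_uri", redirectUri);
  return u.toString();
}

// Token request for the client-credentials grant: no user is involved, the app
// proves its identity with its own secret, and scope=.../.default asks for the
// application permissions that were consented to above.
function tokenRequest({ tenant, clientId, clientSecret }) {
  return {
    url: `https://login.microsoftonline.com/${encodeURIComponent(tenant)}/oauth2/v2.0/token`,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      client_id: clientId,
      client_secret: clientSecret,
      scope: "https://graph.microsoft.com/.default",
      grant_type: "client_credentials",
    }).toString(),
  };
}

// Authenticate against the directory, not against Graph.
async function getAppToken(cfg, fetchImpl = globalThis.fetch) {
  const req = tokenRequest(cfg);
  const res = await fetchImpl(req.url, { method: req.method, headers: req.headers, body: req.body });
  const json = await res.json();
  if (!res.ok || typeof json.access_token !== "string") {
    throw new Error(`token request failed: ${json.error || res.status}`);
  }
  return json.access_token;
}

// Call Graph with the token. An app-only token has no signed-in user, so /me
// is rejected up front; organizational data such as /users works.
async function callGraph(token, path, fetchImpl = globalThis.fetch) {
  if (path === "/me" || path.startsWith("/me/")) {
    throw new Error("/me requires a signed-in user; app-only tokens have none, use /users/{id}");
  }
  const res = await fetchImpl(`${GRAPH}${path}`, {
    headers: { Authorization: `Bearer ${token}`, Accept: "application/json" },
  });
  if (!res.ok) throw new Error(`graph call failed: ${res.status}`);
  return res.json();
}

// End to end: token from the directory, then a Graph query with it.
async function listUsers(cfg, fetchImpl = globalThis.fetch) {
  const token = await getAppToken(cfg, fetchImpl);
  const page = await callGraph(token, "/users?$select=id,userPrincipalName&$top=5", fetchImpl);
  return page.value;
}
```

Two things to check before shipping this: the redirect URI must be registered exactly on the app registration and should be https (the http://localhost URI in the answer is only suitable for development), and the secret grants access to the whole tenant's data for every permission consented to, so keep it in a secret store rather than in source and prefer a certificate credential where you can.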
I'm building a web portal where my customers can log in - pretty standard stuff.
Now I would like my customers to log into the portal by using their "own credentials".
The optimal solution would be that users could use one of the following:
Office 365
If they have O365 then just sign in with their own credentials. This scenario is covered by the OOTB VS template
On-premise ADFS
If the customer has an on-premise ADFS then they should be redirected to that to sign in. (I know this needs configuration on both sides, but that's OK.)
None of the above
The customer does not have any of the above and therefore needs a "local account". In this case I would like to use Azure AD B2C to store the credentials.
I can do all of the above, but I have never tried to do it all together in one site.
Therefore, is it at all possible, and how should it be constructed?
And how would the login experience be?
I'm using OWIN.
Any advice would be helpful.
Thanks!
When you say "local", do you mean in AAD?
Azure B2C allows non-federated (i.e. don't use ADFS) users to provision and then authenticate themselves.
However, such users are "outside" of the normal authentication flow and cannot use ADFS or have O365 licenses.
In terms of ADFS and O365, you need to set:
Convert-MsolDomainToFederated
as in Step-By-Step: Setting up AD FS and Enabling Single Sign-On to Office 365.
In the future, Azure AD B2C will add the ability for users to log in using their 'Work Accounts'. Those are the accounts used for O365. If the respective tenants have set up federation with Azure AD, ADFS federation will also work.
Meanwhile, the workaround for you to get it to work is to have your application:
1. Handle multiple tokens (Azure AD, Azure AD B2C, ADFS or other federations) by implementing each federation to get the tokens.
2. Implement the IdP selection screen in the application and federate to the appropriate party.