Not able to access azure digital twin API without user interaction - azure-digital-twins

I referred to these answers but I'm not able to authenticate Azure Digital Twins without browser interaction.
How to access azure digital twin API using Service Principal?
Is it possible to configure Azure Digital Twins API access for a Daemon App?

Those two questions both refer to the Azure Digital Twins preview before it was refreshed. It is possible to access Azure Digital Twins without browser authentication. You will need the Azure.Identity package. I used version 1.2.2
var credential =
new ClientSecretCredential("{AZURE_TENANT_ID}, "{AZURE_CLIENT_ID}", "{AZURE_CLIENT_SECRET}");
var client = new DigitalTwinsClient(new Uri("{AZURE_DIGITAL_TWINS_URL}"), credential);
You need to replace the values with
Your Azure AD tenant ID.
The client application ID of the app registration you created in Azure AD.
A client secret, you need to create this in the app registration in the Certificates & Secrets blade.
The URL to your Azure Digital Twins instance.

Related

Accessing Azure B2C-protected odata feed using PowerBI desktop / excel

I'm working on OData/webAPI service implementation. PowerBI desktop app will be used to retrieve info from the service using odata feed datasource.
Service in protected by Azure B2C auth. Accessing odata endpoints using browser works fine - after signing in access is granted. But when I'm trying to connect to the feed using powerbi desktop by performing signin attempt, it reports that token source is not trusted.
picture related: sign in error
Also, in case of single-tenant Azure AD auth (not B2C) usage, authentication in PowerBI worked though.
So, is there a possibility to make PowerBI work with Azure AD B2C (to make it trust the token source)?
No, Azure AD B2C does not issue tokens which Microsoft first party services recognize. AAD B2C is used to protect you own services which you supply to your own customers.
If you would like your customers to have self service sign up, and access Power Bi resource, then have your front end web app talk to a backend API. Protect the front end and backend with AAD B2C. That backend API should use client_credentials to authenticate via AAD endpoints to access Power Bi data on behalf of the user.

What is the usage of client secret in azure active directory b2c?

What is the usage of client secret in Azure AD B2C? The Microsoft doc only said
If your application exchanges a code for a token, you need to create
an application secret..
Will the azure ad b2c encrypt the token by the client secret, or if a native app requests a token need to send the client secret to the azure ad b2c endpoint?
And, does the client secret can be used to make only my trust native app can get the jwt then to visit my server, third part untrust app can't get the token from the b2c to visit my server?
and what is the usage of application id uri?
thanks.
It has nothing to do with whether you are using Azure AD or Azure AD B2C.
client_secret is required for web apps rather than native apps because client_secrets can't be reliably stored on devices.
It's required for web apps and web APIs, which have the ability to store the client_secret securely on the server side.
The official document: Add a native client application to your Azure Active Directory B2C tenant also doesn't mention that you need to add a client secret.
What you have seen in Microsoft doc is for web apps.
and what is the usage of application id uri?
Application ID URI is the unique URI that is used to identify your API. When requesting an access token for this API, the whole URI should be added as the prefix for each scope.
If you have a web API protected and use another client app to access this API, you can enter the identifier used for your web API. See details here.

Azure API Management integration in Azure Active Directory

I want to secure my API Proxy created in Azure API Management using OAuth 2.0.
I want to use Azure Active Directory for OAuth.
As per MS documentation, I have to manually create an Application in Azure AD and copy that CLIENT_ID and KEY into developer portal to generate OAuth Tokens. But this works only for developer portal to get JWT tokens.
Every time a new developer comes and registers a developer application on my developer portal, a pair of keys (Primary key & Secondary Key) are generated.
Can I use these keys to authenticate and generate JWT tokens.
Also I want this process to be automated, so that I do not have to do anything manually in AAD after developer sign-up and subscription.
I have also tried to visually represent the scenario I want to achieve:
The pictorial representation of my requirement

Integrating WSO2 API Manager 2.1.0 with Azure AD

We have requirement to configure Azure AD as a 3rd party key manager in WSO2 API gateway 2.1.0. Is there any reference available for the key manager client implementation with azure AD?
The scenario is that a mobile app will use Azure AD for authentication. Azure AD returns a token. Mobile app uses this token for API invocation via WSO2 API gateway. As per my understanding, this can be handled by configuring Azure AD as key manager in WSO2 API mananger.
Any help in this regard is much appreciated.
Based on my understanding, the WOS2 API Manager used Key Manager to handle all clients, security and access token-related operations.
To integrate WOS2 API Manager with Azure AD, we need to implement the Key Manager ourselves. Then we can follow this document to configure the Third-Party Key Manager.
See the WSO2 default Key Manager implementation for a sample Key Manager implementation.
And here is the helpful documents about integrating application with Azure AD:
Integrating applications with Azure Active Directory

ADAL iOS Authentication to Azure Web API

Right now, I have a native azure app that my iOS app uses ADAL to authenticate to with no issues. I've added a Web API in azure and it's being managed by the Azure API Management resource. I have this API using an oAuth server that uses Azure AD for authentication (all created within the Azure API Management).
The issue I'm having is the oAuth token I'm receiving from my iOS App is not being accepted by my Web API. They are both using oAuth to the same Azure Active Directory. I tried changing in my iOS app, to use the Web API app client ID instead of the native app client ID. The issue then becomes during authentication, it needs a "client_secret" in the request. Looking at the ADAL iOS library, I'm not seeing a method to get a token that passes in a client secret as a parameter.
Scroll down to the Keys section, you will see the key as the client secret. They are used for calling the web api.
These two methods of authenticating the applications are referred to as interactive (user signs in) and non-interactive (app provides its own credentials). In the non-interactive mode, you must assign the service principal to a role with the correct permission. About the AAD authentication's more information, you could refer to: https://azure.microsoft.com/en-gb/documentation/articles/resource-group-create-service-principal-portal/

Resources