I am trying to disable my logic app via a Http post from within the workflow, but I can't seem to get the authorization to work with my AD.
It says I need the Authorization Bearer token header, but when I fill the information in the fields marked with the red star it always fails.
Either I input the wrong information or I am doing something else wrong.
Where do I get all the information for the fields for the OAuth to work?
Also, aren't some of these for using against a web application like an API?
In that case how do I do this only in relation to the resource explorer API?
UPDATE
So I have tried to put it as a web application in my AD and that doesn't work either. Is there ANY documentation about this anywhere??
OK, so I found a workaround, or maybe this is even the right way to do it.
Now, using an HTTP POST connector in Logic Apps is probably the right way to do it when you have, for example, an API registered as an application in your AD that has the right permissions. What I did was:
First: Used/created the Azure Resource Management connector I didn't know existed, called "Invoke Resource Operation".
Second: After it prompted you to log in (with, for example, a service account), this layout is shown to fill in the same inputs as in the request POST URL in the above connector.
Shown below:
This worked and disabled the LA perfectly.
I recently started getting into Typo3 but now I have to implement something for work and I have no clue where to start.
The requirements:
I have to add a separate page that can only be accessed by frontend users. (so far no problem)
These frontend users should be able to login with the same password as they got for their iOS app. (uh-oh)
The separate page should display data from the app. (less of an uh-oh but connected to the previous point)
After talking to the developer of the app, he made a specific POST request that can be used for the webpage. I am also getting a json-file with the required data that I need to display upon successful login.
My question lies with the login. How do I go about implementing this? I use the extension felogin to provide the login form on the page.
The POST request is looking sort of like this:
https://domain.at/api/queryMediaItems. It needs user and password, declared as user and pwd. In the body there should be a json object with the language, e.g.:
{"language":"de-at"}
You need to implement an SSO (single sign-on) as your users need to identify against the iOS app.
This might give you a concept.
You also can look inside the code of some extension
I created a new ASP.NET MVC WebApplication in Visual Studio 2015 with the options to use School or Work Accounts to authenticate against an AzureAD. This worked fine.
Then I converted the Project to an App for Office Project as an Excel Task-Pane Add-In.
Then when I start the application it starts an Excel spreadsheet with a task pane showing the request to log in with Microsoft. When selecting an account or choosing to log in with another account I get redirected to login.microsoft.com in a new browser but receive the following error:
IDX10311: RequireNonce is 'true' (default) but validationContext.Nonce
is null. A nonce cannot be validated. If you don't need to check the
nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'.
The URL shown in the new browser is "https://localhost:44300/" since I am debugging locally I take it.
Is this an issue because the authentication originates from the Task-Pane? Is the Task-Pane the same as an iFrame? If so it could be a similar issue as the following problem: OpenIDConnect Azure Website hosted in an iFrame within Dynamics CRM Online
Can I simply set the RequiredNonce to false? If so how?
Please help me to create an App for Office with Authentication against an AzureAD / Office365Domain? The AzureAD I am authenticating against is my private Free MSDN Subscription currently, wanting to use the company's Office365 AzureAD in future.
I am using Office2016, VS2015, Microsoft.Office.js Version 1.1.0.9.
First, it is feasible to do what you are looking for; have a look at my add-in: Keluro Mail Team. Keep on working, you'll manage to make things work^^.
Step1
First, start with the most simple scenario: your auth process should work in a standard window; we will see the sandboxed iFrame later. Check your OAUTH flow when browsing your 'app directly', i.e. test your authentication as a plain regular web app which is served in your case at https://localhost:44300/. To avoid JavaScript errors, remove all Office.js related stuff and the Office.Initialize function.
From the error message dealing with Nonce, I bet you are implementing a code authorization flow. This should be more or less something that looks like this sample. In this code authorization flow, the token and the REST requests are made by your server using an authorization token. Meanwhile, authentication between your server and your web app is made with a plain old ASP.NET cookie (in the sample above at least). This scenario is OK for our purpose, I use it too. To complete this step, try to request some basic stuff that is not related to Office.js but only to the Office 365 REST API. In one word, forget that you're developing an Office add-in; imagine you are developing an Office 365 web app.
Step2
Now that you completed Step1 you can go for Step2: make things work in a sandboxed iFrame within Office. Have a look at this blog post from Richard DiZerega. This is the most reasonable approach to handle the OAUTH flow in a sandboxed environment. If you are using the sample mentioned in Step 1 above, the authentication between your server and your app is made using an ASP.NET cookie. Following Richard's guideline, you could keep it in a server-side cookie dictionary after the popup OAUTH flow is completed and then set it in a request from the original iFrame. To recognize that the two windows correspond to the same user you can generate (cryptographically secure!) an id that you can pass in the two requests (parameters are encrypted in HTTPS). OK, that is complicated but it works. The SignalR technique Richard talks about is a plus for user experience but is not mandatory; that could be a Step3.
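The server-side handoff described in Step2, sketched as an added example (not code from the answer, from the linked blog post or from any Microsoft sample). It is written in Node.js rather than ASP.NET; `AuthHandoffStore`, its method names and the in-memory `Map` are hypothetical, and the session value stands in for the ASP.NET cookie.

```javascript
const crypto = require('crypto');

// Hypothetical in-memory store linking the OAuth popup to the task-pane iFrame.
// A real deployment would use a shared cache so any server instance can answer.
class AuthHandoffStore {
  constructor(ttlMs = 120000, now = () => Date.now()) {
    this.ttlMs = ttlMs;       // how long an unclaimed handoff stays valid
    this.now = now;           // injectable clock, used to exercise expiry
    this.pending = new Map(); // sha256(id) -> { expires, session }
  }

  // Store only a hash of the id, so a dump of the map does not reveal usable ids.
  static key(id) {
    return crypto.createHash('sha256').update(String(id)).digest('hex');
  }

  // The iFrame calls this first and passes the id on the popup URL (over HTTPS).
  begin() {
    const id = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
    this.pending.set(AuthHandoffStore.key(id),
      { expires: this.now() + this.ttlMs, session: null });
    return id;
  }

  // The OAuth callback (reached by the popup) attaches the session cookie value.
  complete(id, session) {
    const entry = this.pending.get(AuthHandoffStore.key(id));
    if (!entry || entry.expires < this.now() || entry.session) return false;
    entry.session = session;
    return true;
  }

  // The iFrame polls with its id; the session is handed out once, then forgotten.
  claim(id) {
    const k = AuthHandoffStore.key(id);
    const entry = this.pending.get(k);
    if (!entry) return null;            // unknown id, or already claimed
    if (entry.expires < this.now()) {   // too old: drop it
      this.pending.delete(k);
      return null;
    }
    if (!entry.session) return null;    // popup has not finished yet
    this.pending.delete(k);             // single use
    return entry.session;
  }
}
```

The short lifetime and single-use claim limit what a leaked id is worth: once the iFrame has collected its session, the same id returns nothing.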
I solved my issue by adding https://login.microsoftonline.com and https://login.live.com to the App Domains in the App Manifest. I don't understand the technology, so I cannot comment on why this works, but the solution works for me.
I'm working on a Box integration and have run into an interesting scenario:
Box user right-clicks in Box and selects an action
The user is sent in an iframe to the client_url.
Since in Box we have to keep track of each user's access and refresh tokens, on this pass we discover in our application logic that the user lacks valid tokens.
As per the docs we send the user to:
GET https://app.box.com/api/oauth2/authorize?response_type=code&client_id=MY_CLIENT_ID&state=security_token%3DKnhMJatFipTAnM0nHlZA
and from there Box sends the user to the configured redirect_uri. My question is: after authentication, how do we get back to the configured client_callback URL that we configured for our Box application? I don't see a way of getting back to our original URL since we had to inject a view for the Box authentication and are then routed to the OAuth callback URL.
Thanks!
https://developers.box.com/oauth/
From the Box Support team:
Paul Paulauskas (Box Customer Success)
May 27, 4:26 PM
Hi,
The Box web app integration was never designed around having a full authentication flow. When a web app integration is called, it can deliver an auth_code (it's one of the parameters that you can choose), which can be used to create an access token and a refresh token. This is discussed under the "Popup notification" section of:
https://developers.box.com/box-web-application-integrations/
Let me know if this helps!
Thanks,
Paul
Box Platform Support Engineer
In short, the Box app integration configuration looks like this now:
Note the auth_token attribute is the same as the code attribute returned by the authentication workflow described in https://developers.box.com/oauth/
I am trying to integrate Windows Azure AD into an iOS application. I was able to do authentication with the common consent framework and was also able to access the list of users in my Active Directory.
Format of my request:
URL: https://graph.windows.net/mytenantdomain/users?api-version=2013-04-05
HTTP Method: GET
HTTP Header: Authorization: Bearer <'access token'>
I am able to receive various other fields associated with the users entity but it fails to return the thumbnailPhoto field. Is there anything I need to do, or is it not supported as of now? Any solution to this issue will be helpful.
That is indeed the default behavior. You need to make an additional call to fetch the thumbnailPhoto property.
HTTP GET https://graph.windows.net/<directory_name_or_id>/users/<users_upn_or_objectid>/thumbnailPhoto?api-version=2013-11-08
Hope this helps
I was having this problem. I assumed the picture I was setting in my O365.com profile was the same as the thumbnailPhoto property. After unsuccessfully trying a couple of times, I opted to upload a photo using PowerShell: Set-AADUserThumbnailPhoto -Id "xxxx-xxxx-xxxx..." -ThumbnailPhotoFilePath "C:\users\me\Desktop\mypicture.jpg". Then it worked.
I'm about to build a console application that needs access to the authenticated YouTube Data API. Calling the APIs themselves is not a problem, I know quite well how to make and process HTTPS requests.
I've already gotten the API key and the Client ID. No problems there, either.
The problem is the authentication.
I've checked here: https://developers.google.com/youtube/v3/guides/authentication#installed-apps
On the "Installed applications" tab, in step two, it instructs on how to set up a url to call to do the authentication step. All good so far. But before programming anything, I thought I'd try and see what that url does in the browser.
Turns out it just displays a login prompt. Well how about that. That won't work in this kind of console application. The idea is, presumably, that the user is somehow shown this webpage and be instructed to login and allow access. Then, somehow, by some kind of magic perhaps, the access token is sent back to my console application.
Two things I'm not quite sure about:
1) How do I prompt for the username and/or password in the console app and send that to the authentication URL?
2) How would I get the access token back from it?
The biggest problem is that the API seems to require a browser... Which isn't there. My console application will (eventually) run unattended, so starting up a browser and displaying a webpage and doing nothing until it returns a code, is out of the question. I need to somehow supply the authentication page a username/password and get back the code right away.