Ionic2 cloud google login with asp.net web api - asp.net-web-api

I am building an ionic2 app and implemented google login flow. Which works fine and i get the token after a success full. How do i use this token to authenticate my project web api Endpoint ( using Oauth for generating the tokens). I am using default asp.net web api project template

Related

Is MSAL correct for this case?

I have an old web app that uses Forms Authentication that we've converted to support SAML using Shibboleth. This part is complete and works fine. The app redirects to login.microsoftonline.com, allows a login against the customer's AD (hburg.kyschools.us), and redirects back to the app which now allows the authenticated user in.
The web app also has some ASP.NET Web API controllers that we'd like to authenticate the same way. This also seems to work when the controllers are accessed from a browser that has already logged in. So far, so good.
Now we want to access these Web API controllers from a WPF app. The WPF app has been accessing them for years but just using Basic Authentication. Looking for an example, I found this project on github that shows how to use MSAL:
https://github.com/Azure-Samples/active-directory-dotnet-desktop-msgraph-v2
This project will acquire a token via MSAL and then use it with HttpClient to call a web service. I can run this project and use it to log in to the same AD as above (hburg.kyschools.us). And then it can use HttpClient to access MS Graph.
Now, when instead I try to have the project call into my Web API controller using HttpClient, passing in the same token I received back from the hburg.kyschools.us AD, I get back the Log In page at login.microsoftonline.com, as if I haven't authenticated.
Can I use MSAL to get a token this way that can be used to access my web api via HttpClient from WPF? It seems like I'd need to tell MSAL that I want the token to include authorization for the web app. Is that done somehow in the scopes parameter?

SignIn / SignUp with Google auth code via REST

I am working on the backend for our two applications, which require sign-in and sign-up with a google account via REST - SPA app in Vue and Angular app.
I am thinking about this flow:
User from SPA or mobile application will log in google auth server with his credentials
App receive auth code from google
App request for sign-in / sign-up with this code to our auth service
Auth service fetch information about the user from google by this token, and generate jwt token for our SPA / mobile app which return back
Can you tell me if Spring Social module provides some endpoints to handle and generate this tokens via REST or I must implement it by myself? Thank you.

OAuth2.0 integration with Xamarin

We build our own "OWIN OAuth 2.0 Authorization Server" using "Microsoft.AspNet.Identity.Owin" and "Microsoft.Owin" framework. Ref: https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
We can be able to send a request to our custom OAuth2.0 server and get OAuth2.0 access token from web applications by using "DotNetOpenAuth.OAuth2.Client".
Also, we can be able to successfully integrate our custom OAuth2.0 server with Cortana bot channel and its working fine.
But while integrating our custom OAuth2.0 server with Xamarin mobile application we are facing issues related to redirect_uri. We get a response like invalid_grant.
We are using "Xamarin.Auth" framework in Xamarin to send the OAuth request.
Here is the redirect_uri, we used in Web and Mobile
a. Xamarin app redirect_uri: com.Demo.Mobile:/oauth2redirect
b. Web site redirect_uri: https://demowebsite.azurewebsites.net/
https://user-images.githubusercontent.com/5037741/54964768-10d0ca80-4f44-11e9-9fd9-92673f07f919.png
Thanks in advance for help on this :)
We resolved the issue by using this redirect_uri pattern oauth2redirect:/com.company.package/

Using Azure AD token in AJAX call from MVC application to separate WebAPI application

I have created a Azure AD protected .Net Core 2.0 WebAPI that has its own URL, and using same clientID, tenantID and domain I am able to send AJAX call from a SPA using ADAL JS.
Now, I need to implement the same without the use of ADAL JS in a MVC application. The issue I am facing is that the token generated by OIDC is not getting authorized on the separate API app.
Any suggestions for this scenario?

Secure WebAPi, Windows Phone and MVC Website

I am working on a Windows Phone 8 app and a ASP.NET MVC 5 website and each of these will access a WebApi service (WebApi 2). The website and WebApi are based on the templates provided by VS2013 RTM and have been setup using the "Individual Account" authentication option available in the project template.
The template sets up the WebApi project to enable bearer tokens, application cookies and external login cookies, etc, and the exposed actions have the Authorize attribute on them.
My two questions are:
1) If I were to use Azure Mobile Services to authenticate a user using Google/Twitter on the WP8 application how can I get the WebApi to allow the authenticated user to access the actions?
2) Same as #1, but from a ASP.NET MVC 5 website perspective?
From I what I can see it would appear that each request requires a bearer token. To get this token would I be correct in thinking that I would access the "token" endpoint exposed by the WebApi to get the token and that would need to be passed with each request?
For 1, you can use azure mobile service WP8 sdk to launch a browser control to authorize user from external site. The code should be similar with WebAuthenticationBroker in windows store app.
For 2, the web api template with individual auth is using an implicit flow in OAuth 2.0 to return the application access token back to client. In MVC app, you can redirect user to
http://<web api domain address>/api/account/externallogin?provider=Facebook&redirect_uri=<your callback url in MVC app>&response_type=token&client_id=mvc.
And in your MVC view, you need to use javascript to get access token from url fragment, which won't be sent to server. In your web api server, you need to allow the client id and the callback url in ApplicationOAuthProvider.
For both 1 and 2, you are not using token endpoint to get the token. You are using the authorize endpoint to get token by implicit flow.

Resources