I have a Xamarin.Forms iOS/Android app and have to authenticate the user against a Microsoft Azure B2C AD.
I have added the Microsoft.Identity.Client NuGet and using this for authentication.
Login works fine and I am able to use the returned token to call an Azure hosted service of our own.
The trouble is that when I try to logout the user it does not work as expected.
If the user logs out and immediately after kills the app, the next time the app is started the login screen is presented as expected.
To kill the app on iOS I go to app-switcher with double click home button and the swipe up.
But if the user does NOT kill the app, but instead presses my login button (triggers a call to AcquireTokenAsync()) the sign in screen is NOT presented by Microsoft.Identity.Client but instead a valid token is immediately returned and the app is able to use this token for service calls, i.e. it is a valid token.
Next time the app is launched the token is no longer there and the login screen appear.
The strange this is that when I run the sample from GitHub/active-directory-b2c-xamarin-native I see the same behaviour. So I suspect it is a bug in the MSAL component from Microsoft.
According to the sample logout should simply be done with calling
PublicClientApplication.UserTokenCache.Clear(PublicClientApplication.ClientId);
I have also tried with adding
foreach (var user in PublicClientApplication.Users)
{
user.SignOut();
}
without any change.
Any suggestions?
Just add following line in Droid Project:
CookieManager.Instance.RemoveAllCookie();
in iOS,
foreach (var cookie in NSHttpCookieStorage.SharedStorage.Cookies)
{
NSHttpCookieStorage.SharedStorage.DeleteCookie (cookie);
}
and for more details visit this link https://developer.xamarin.com/guides/xamarin-forms/cloud-services/authentication/azure/
This is happening because the service does not support certain features that would result in a user sign out. This is still a work in progress.
Related
We are working on a Xamarin Forms UWP app which has a requirement, when we click on the app icon, automatically log into the app without having to enter any user details. The app should use the same credentials used to login to the Windows 10 device. Basically, sign in user without prompting them to login again, fetch access token and get data from API.
The user would use their enterprise credentials to login and are on the enterprise network
Can someone point me to the right direction on how can we achieve this?
Thanks in advance.
SSO in Xamarin Forms UWP app on Windows 10
You could use Xamarin.Essentials: Web Authenticator to auth the specific and get token the store the data in to Application.Current.Properties like the following
Application.Current.Properties ["token"] = token;
When you open the app, you need check if Application.Current.Properties ["token"] contain the value, if the value is not null, you could login the app directly, if not, please get token and store it.
And if the token contains expiration time, you still need to check the if token is out of data and re-auth.
I have used this sample to integrate a bot in MS Teams
https://github.com/microsoft/BotBuilder-Samples/tree/main/samples/csharp_dotnetcore/46.teams-auth
I needed to configure a third party OAuth provider and had all sorts of trouble doing so. Thanks to a smart gentleman on another thread, I am now able to authenticate my user with such provider.
Here's a quick example of the conversation flow. Don't mind the buttons in French, Oui is Yes and Non is No. On first boot of the application, when I click on the Sign In button, my provider's authentication windows opens and shows the auth form just fine.
However, when it comes time to logout the user and I type "logout" as indicated within this code sample
If I type anything else to log back in, I am instantly showed that I'm logged in, the authentication window opens and closes instantly and my token remains obtainable. How do I go about actually clearing that token? I don't feel like this is the intended behaviour, as shown by the docs here:
Do I have to clear it manually? If so, how should I approach this?
Thanks for any help you can provide on this
Note: I have tried to revert back to the default sample, with an AzureAD v2 connection and the result is the same. I login just fine with my Azure AD account, but the token persists even after a logout.
EDIT
Following the sugestions, here are additional screenshots
This is some info from the Context object passed down to the Interrupt
This is the content of the AuthenticationContext available in the Context object above
Note that I get my Success when I call the logout endpoint that was suggested
We are integrating our app in the new Google Marketplace.
Our marketplace config in the developer console is ok.
Our oauth2/sso flow is ok (scopes match the ones setup in the console, auth params ok)
All users, when accessing our application through the Navigation bar, don't see any consent screen. All is perfect … except the following :
when an admin user is installing our application for his domain for the first time, he is presented with the domain consent screen displaying the scopes defined in our marketplace config, which is fine, he accepts and is presented with a button "Launch app". This link hit our server and a redirection is made to google auth in order to get the email and profile of that user. The redirection happens quickly that the admin is presented with yet another consent screen displaying the exact same scopes … which is bad.
If we wait 10 - 20 seconds before clicking the 'Launch app' button and after having accepted the scopes for the domain, the redirection to google auth is done and no consent screen is presented to the admin.
Are we missing something? Some sort of pooling technique with callback? "Sleeping"?
The same happens with other apps available on Google Apps Marketplace.
I installed several apps from Marketplace (Mavenlink, Lucidchart, etc), and they showed exactly the same result. I was prompted with consent screen immediately after installing them. A bit later, and I was let in without prompting.
It seems that the information on the installed app is not immediately propagated through Google system. There is a short delay between the time the administrator installs an app to his domain, and the time that app becomes available on his domain.
Most users wouldn't mind to wait a minute after the installation. Unfortunately, a reviewer at Google is not that forgiving. If he is quick enough to start your app immediately after the installation, your app will be caught asking for consent, for which it will be rejected from Marketplace. Too bad.
In my WP7.5 app, I have redirect the user to google web page where is asked to giving the app permissions to access to his account, user click yes, but it redirects to a page where there is the code and user is supossed to copy/paste that to my app.
The Response is
Please copy this code, switch to your application and paste it there:
4/3oHAHtqSk1CqA3S8HlEsuQRaE08e.4nCBpXhR-R8WgrKXntQAax02U4CwcgI - Auth code
I want to, when user press ok, return to my app with that code, is there any way to do that?
-SheikAbdullah
If you're using the Browser control, here's a great CodeProject article on how to do it:
Google OAuth2 on Windows Phone
How can one avoid to have to show this redirect_uri = "https://www.facebook.com/connect/login_success.html" each time you login with your WP7 app.
I have a share button in my app which should post content to the facebook page of the user that logged in. Currently when a user already has entered username/password they still get to see the white screen "login_success.html" first and then the item gets posted and it returns back to the app page.
How can you avoid this screen in the app flow ?
I am using the facebook sdk C# v6...
Thanks.
You can make your browser control invisible after you got the access tokens