Tuesday, 16 July 2019

Azure AD


This might be useful:
https://blogs.msdn.microsoft.com/appconsult/2018/06/27/using-microsoft-graph-in-an-azure-function/



https://docs.microsoft.com/en-us/azure/active-directory/develop/index




Use Azure AD B2C to add login for your app.

But what is B2C? It can use a Facebook ID. I guess it can use an Outlook account as well?

https://docs.microsoft.com/en-us/azure/active-directory-b2c/
https://docs.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-tutorials-web-app
https://docs.microsoft.com/en-us/azure/active-directory-b2c/tutorial-create-user-flows


Another doc:

The image below should help you decide which auth you should use.





Most new (web) applications are cloud applications, so you need to use OpenID and OAuth.

https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-v2-libraries
https://docs.microsoft.com/en-us/azure/active-directory/develop/index


Tenant (single or multi)

https://docs.microsoft.com/en-us/azure/active-directory/develop/single-and-multi-tenant-apps


------------

If it is an Azure web services app, then use Easy Auth.

This is very easy, just a couple of clicks.
https://stackoverflow.com/questions/41993032/sso-using-outlook-com-accounts-to-login-to-azure-ad
Detailed settings are:

https://docs.microsoft.com/en-us/azure/app-service/overview-authentication-authorization
https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad

https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-auth-aad



I just did.




Once users access my website, they see the Outlook login window. Once logged in, they see a permission screen (like Android):







How to do authorization?
Still didn't find it.


https://docs.microsoft.com/en-us/azure/app-service/containers/tutorial-auth-aad



How to get the email address of the logged-in user?

If you use Microsoft login:
https://blogs.msdn.microsoft.com/kaushal/2016/04/01/azure-web-apps-how-to-retrieve-user-email-in-the-claim-when-using-microsoft-account-as-a-provider-in-easy-auth/

If you use Azure AD:
https://stackoverflow.com/questions/36576863/get-logged-in-user-with-azure-web-apps-auth
1. You can add a header in your request, then you can get it in the response.
2. Or you can call this URL: https://yourappname.azurewebsites.net/.auth/me. All the info is there. Property explanations: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
3. Use a Node.js package: https://github.com/AzureADQuickStarts/WebApp-OpenIDConnect-NodeJS#5-create-the-views-and-routes-in-express-to-display-our-user-in-the-website
4. Or just use Postman: https://winsmarts.com/how-to-call-the-userinfo-endpoint-in-azuread-6ff769567a5a

But it just gives you the name and email address.
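For option 2, here is an added example (not from the linked posts) that reads the name and email out of a `/.auth/me` response body. The sample response is constructed, and the list of claim types checked for an email address is an assumption, since the claim that carries it depends on the provider and token configuration.

```javascript
// Claim types that may carry an email address (assumed list; adjust to what
// your provider actually emits in user_claims).
const EMAIL_CLAIMS = [
  'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress',
  'email',
  'preferred_username',
];

// Turn Easy Auth's [{typ, val}, ...] claim list into a Map of typ -> [vals].
function indexClaims(claims) {
  const byType = new Map();
  for (const { typ, val } of claims || []) {
    if (!byType.has(typ)) byType.set(typ, []);
    byType.get(typ).push(val);
  }
  return byType;
}

// Parse the JSON body of GET /.auth/me (an array with one entry per login).
// Only identity fields are returned; the entry can also hold tokens, which
// are deliberately dropped so they never end up in logs or page output.
function userFromAuthMe(body) {
  const sessions = typeof body === 'string' ? JSON.parse(body) : body;
  if (!Array.isArray(sessions) || sessions.length === 0) return null;
  const { provider_name, user_id, user_claims } = sessions[0];
  const claims = indexClaims(user_claims);
  const emailType = EMAIL_CLAIMS.find((t) => claims.has(t));
  return {
    provider: provider_name,
    userId: user_id,
    email: emailType ? claims.get(emailType)[0] : null,
    name: (claims.get('name') || [null])[0],
  };
}

// Constructed sample response, not captured from a real tenant.
const SAMPLE = JSON.stringify([{
  provider_name: 'aad',
  user_id: 'alice@example.com',
  id_token: '<redacted>',
  user_claims: [
    { typ: 'name', val: 'Alice Example' },
    { typ: 'preferred_username', val: 'alice@example.com' },
  ],
}]);

console.log(userFromAuthMe(SAMPLE));
```

The endpoint answers for the current session only, so call it from the signed-in browser or forward the session cookie when calling it from server code.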

Other user profile fields, e.g. job title:
B2C: don't know what that is.
https://stackoverflow.com/questions/44481739/azure-easy-auth-api
https://cgillum.tech/category/easy-auth/
https://docs.microsoft.com/en-us/azure/active-directory-b2c/

Maybe the Graph API?
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-graph-api-quickstart
https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
https://docs.microsoft.com/en-us/azure/architecture/multitenant-identity/claims


Use Easy Auth with a custom backend.

https://blogs.msdn.microsoft.com/mihansen/2018/03/25/azure-active-directory-authentication-easy-auth-with-custom-backend-web-api/







