App user should only enter username and password at the login screen. Clientid is the GUID that you get at app registration from AAD UX portal. ClientId is not related to the user.
Maybe the scenario has been misunderstood. I don't foresee hard coding of the client_id. Rather, the application is downloaded from the Google Play Store (or any other Android app store) and the user configures it one time with the client_id. The same generic app should be usable by thousands of different companies.
This is related to the multi-tenant app. The developer creates their app with their clientId. Other tenants can use this app if it is allowed to be used externally and the user gave permission. You should not force users to enter the clientId. It is all consent based.
Some old sample about multi tenant app: http://msdn.microsoft.com/library/azure/dn151789.aspx
Yes, for a web-based multi-tenant application, that is true.
However, the scenario I am talking about, where the user needs to enter the client id, is when a user downloads an application from the Google Play Store.
Here the native application will require the user to enter their own AD's client_id to access their own data.
To put it another way, where is the client_id being passed to your acquireToken call in your sdk coming from if not from the user? What I am asking for is a consent based framework for native application just like the multi-tenant web application you cite above.
Ok figured this out. Native applications are all enabled for external access. There is no separate configuration like the way it is for Web apps.
With the current mechanism, the app user has to manually enter a long complex string (a GUID?) which is the client id. This is painful to do on a small mobile/tablet screen without a keyboard.
There should be a way for the application to fetch the client_id by getting a one time authorization from the administrator/user.