AzureAD / azure-activedirectory-library-for-objc

The ADAL SDK for Objective C gives you the ability to add support for Work Accounts to your iOS and macOS applications with just a few lines of additional code. This SDK gives your application the full functionality of Microsoft Azure AD, including industry standard protocol support for OAuth2, Web API integration with user level consent, and two factor authentication support.
MIT License

Couldn't get policy list using access token generated from MSAL library #1567

Closed sw-tt-rumitkkhakhi closed 3 years ago

sw-tt-rumitkkhakhi commented 3 years ago

Hello All,

I am using the MSAL library to authenticate the user, and we are also using a C++ library to get the policy list. We are passing the access token generated by MSAL into the C++ library, but I cannot get the policy list. I am getting the below error from the C++ SDK:

ERROR - Unexpected exception: 'The service didn't accept the auth token. Challenge:['']' Program ended with exit code: 255

Also, I have passed the below scope when authenticating the user.

let kScopes: [String] = ["https://graph.microsoft.com/.default"]

Please let me know what I have to do to resolve it.

Note: Also, if we pass an access token generated from the ADAL library to the C++ SDK, it works. We also noticed that the lengths of the access tokens generated from MSAL and ADAL are different.

Thanks, Rumit

antrix1989 commented 3 years ago

Hi @sw-tt-rumitkkhakhi, which C++ library do you use?

sw-tt-rumitkkhakhi commented 3 years ago

Hello Sergery,

We are creating a macOS app; we have downloaded “mip_sdk_macos_1.7.145.tar.gz” and are using it for our development.

There are 3 parts of “mip_sdk_macos_1.7.145.tar.gz” when we unzipped it.

1) file
2) protection
3) upe

So we have created a macOS sample where we have integrated the 3rd option, the “upe” classes, to get the policy list initially.

We have integrated the MSAL framework in our macOS app to authenticate the user, and if the user is authenticated successfully, we use the access token (generated using MSAL) to get the policy list using the above sample code. We are passing the token to the above code instead of using a username and password. I have added the below scope with authentication in the MSAL code.

let kScopes: [String] = ["https://graph.microsoft.com/.default"]

But we can’t get the policy list from the above sample code link, as it is throwing an error like

ERROR - Unexpected exception: 'The service didn't accept the auth token. Challenge:['']'

So, why can we not use the MSAL access token in the MIP SDK?

Using ADAL framework

Also, we noticed that if we authenticate using the ADAL framework and pass the access token generated using ADAL to the above sample code (upe), we successfully get the policy list.

Another thing we noticed: if we use the ADAL framework to authenticate the user, we get the policy list successfully, but if we use the same ADAL access token to protect the file, we can’t. Please suggest, as we are stuck on every part of development using this C++ SDK.

We are looking forward to your reply.

Thanks, Rumit

sw-tt-rumitkkhakhi commented 3 years ago

Hello

Any update on it? I want to move forward with this SDK.

sw-tt-rumitkkhakhi commented 3 years ago

I am waiting for your reply. Can you please give us any suggestion on this? We are still facing this issue.

antrix1989 commented 3 years ago

Hi @sw-tt-rumitkkhakhi, so you are using Microsoft Information Protection SDK. Please change your kScopes constant. It should be: <your resource>/.default

See the example here.
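
A resource service accepts only access tokens whose `aud` claim names that service, so a token requested with the Graph scope is minted for Graph and not for another API. The following is an added debugging example, not part of the thread and not MSAL or MIP SDK code: it builds the `<your resource>/.default` scope and checks a token's audience before the token is handed to the service. The resource URL `https://protected-api.example`, the helper names and the sample tokens are constructed for illustration.

```python
import base64
import json

GRAPH = "https://graph.microsoft.com"      # resource used in the issue's kScopes
SERVICE = "https://protected-api.example"  # constructed placeholder for "<your resource>"


def default_scope(resource: str) -> str:
    """Build the '<your resource>/.default' scope string for a resource URI."""
    return resource.rstrip("/") + "/.default"


def jwt_claims(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT; token may be opaque")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audience_ok(token: str, accepted: set) -> bool:
    """True if the token's 'aud' is one of the values the target service accepts.

    'aud' may be a resource URI or an application ID, so callers list both.
    """
    aud = jwt_claims(token).get("aud")
    values = aud if isinstance(aud, list) else [aud]
    norm = {a.rstrip("/").lower() for a in accepted}
    return any(isinstance(v, str) and v.rstrip("/").lower() in norm for v in values)


def make_sample_token(claims: dict) -> str:
    """Constructed, unsigned sample token for the demo (not a real credential)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # A token minted for Graph fails the check; one minted for the service passes.
    for resource in (GRAPH, SERVICE):
        token = make_sample_token({"aud": resource})
        print(default_scope(resource), "->", audience_ok(token, {SERVICE}))
```

Decoding without signature verification is for local troubleshooting only; the receiving service remains the party that validates the token.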

ameyapat commented 3 years ago

@sw-tt-rumitkkhakhi Closing issue for now. Please reopen if the issue is still there.