Closed AirLancer closed 3 years ago
@AirLancer Thanks for your feedback! We will investigate and update as appropriate.
@AirLancer Have you given your native app access to the web API from the Azure AD Application registration blade? Reference
@SaurabhSharma-MSFT Thanks for your suggestion. Yes, I have given the native app access. Just to be sure, I just deleted it and set it up again, to no avail.
Not sure if this is relevant, but the sign in logs show successful sign-ins on the Native App:
The SecretApi shows no sign-in attempts. Only those I've done through a browser.
@SaurabhSharma-MSFT I figured out a way to make it work. I'm not sure whether it is a workaround or just the way to do it: What I changed was the AAD instance to:
$"https://login.microsoftonline.com/{TenantId}/v2.0"
Note the v2.0 at the end. And what was missing is a proper explanation of what needs to be added as the scope:
$"{AppProxyAppId}/user_impersonation"
where the 'AppProxyAppId' is the Application Id of the application proxy app.
On the server side in the native app setting in 'App Registration', I added 'Mobile and desktop' application and checked the MSAL redirect URI (which I then also used as redirect URI in the code of the sample app of course).
NB: The code in the screenshot of the tutorial does not match the code in the linked sample app. But I guess it is close enough to understand what needs to be filled out.
Thank you for the feedback in improving the doc and explanation on your findings. I have added this item to our writing backlog so we can prioritize doc updates.
Hi,
I followed the tutorial step by step but I can't access my SecretAPI behind the App Proxy. The authentication works fine, I get an AuthenticationResult containing an Access- and ID-Token (both the same). But when I try to access the API the response returns that JavaScript is required (see first screenshot). The MessageBox in the NativeClient Form1.cs also doesn't show up. I guess it doesn't like the HTML in the response.Content. (I checked the message box with a test string just to be sure it works at all: it does.)
In line with the JavaScript requirement, if I access the API through my browser it works just fine.
I didn't change any of the sample code other than the required values in the App.config file.
Any pointer as to what I'm doing wrong would be greatly appreciated.
I added a screenshot of where I set a breakpoint to the response as well as one showing the Request Message.
JavaScript-Required-Error-Message
Break Point
Request Message
And the message itself: "Method: GET, RequestUri: 'https://login.microsoftonline.com/ff051c73-2763-4a98-bd81-52f7a330504f/oauth2/authorize?response_type=code&client_id=8eb04204-cceb-4c45-9cf7-614137265d9c&scope=openid&nonce=0be058b7-4479-47d4-a4ae-7f6e7fe6e445&redirect_uri=https:%2f%2fauthexamplesecretapi-mariosansoneatos.msappproxy.net%2f&state=AppProxyState:{\"InvalidTokenRetry\":true%2c\"IsMsofba\":false%2c\"OriginalRawUrl\":\"https:%5c%2f%5c%2fauthexamplesecretapi-mariosansoneatos.msappproxy.net%5c%2fapi%5c%2fvalues%5c%2f4\"%2c\"RequestProfileId\":\"f5af0f89-595b-4122-9c02-56bb359a334b\"}%23EndOfStateParam%23&client-request-id=be2ad04b-51c1-470d-b292-614fff2dabad', Version: 1.1, Content:, Headers:\r\n{\r\n Authorization: Bearer
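A triage helper for the symptom in the report above and the scope fix described earlier in the thread, as an added example that is not part of the thread or of the tutorial's sample app: it checks whether a token's `aud` and `scp` claims target the App Proxy application, and whether a request ended at the sign-in endpoint with an `AppProxyState` value like the one quoted above. It is written in Python so it can be run on captured values outside the sample app; all IDs, the host name and the unsigned token are constructed placeholders, and expecting `aud` to equal the App Proxy application ID is an assumption based on the scope format given in the thread.

```python
import base64, json
from urllib.parse import parse_qs, quote, urlsplit

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (triage only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def token_problems(token, app_proxy_app_id, scope="user_impersonation"):
    """List reasons the token would not be meant for the App Proxy app."""
    claims, problems = jwt_claims(token), []
    if claims.get("aud") != app_proxy_app_id:  # assumption: aud is the app ID
        problems.append(f"aud is {claims.get('aud')!r}, not the App Proxy app")
    if scope not in claims.get("scp", "").split():
        problems.append(f"scp lacks {scope!r}")
    return problems

def preauth_redirect(final_url):
    """Return the AppProxyState dict if the request ended at sign-in, else None."""
    url = urlsplit(final_url)
    if url.hostname != "login.microsoftonline.com":
        return None
    state = parse_qs(url.query).get("state", [""])[0]
    head, tail = "AppProxyState:", "#EndOfStateParam#"
    if not (state.startswith(head) and state.endswith(tail)):
        return {}  # redirected to sign-in, but no App Proxy state to read
    return json.loads(state[len(head):-len(tail)])

# Constructed sample data (placeholder IDs, unsigned token); not from a real tenant.
def sample_token(aud, scp):
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"aud": aud, "scp": scp}), "sig"])

SAMPLE_STATE = ('AppProxyState:{"InvalidTokenRetry":true,"IsMsofba":false,'
                '"OriginalRawUrl":"https:\\/\\/secretapi-contoso.msappproxy.net\\/api\\/values\\/4"}'
                '#EndOfStateParam#')
SAMPLE_URL = ("https://login.microsoftonline.com/TENANT-PLACEHOLDER/oauth2/authorize"
              "?response_type=code&scope=openid&state=" + quote(SAMPLE_STATE, safe=""))

if __name__ == "__main__":
    print(token_problems(sample_token("native-client-id", "openid"), "app-proxy-app-id"))
    print(preauth_redirect(SAMPLE_URL))
```

In a client, the same redirect check belongs before the response body is shown or parsed, so that an HTML sign-in page is never treated as API output.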