OneDrive / onedrive-sdk-csharp

OneDrive SDK for C#! https://dev.onedrive.com
Other
293 stars 143 forks source link

Specify the user to authenticate #216

Closed tipa closed 7 years ago

tipa commented 7 years ago

In my app I want my users to choose the OneDrive account to work with.

Currently, the account the user is signed in on the device is used without an option to change it. I already googled that issue and looked though the issues here and on the onedrive-sdk-dotnet-msa-auth-adapter-repo, without success

daboxu commented 7 years ago

hi @tipa , for selecting both OneDrive Consumer (aks personal) and OneDrive for Business account, I think the MSAL library should work for you because it hits the AAD Oauth V2 endpoint which provides UI for user to choose their personal or business account. In addition, probably you want to user the Graph SDK as well.

tipa commented 7 years ago

Thanks @daboxu, thanks for your response! I don't want to necessarily allow Business accounts (maybe at a later point) but I want to allow the user to choose from his personal accounts (e.g. when he is logged in on his phone with a Business account). Currently I am using the Authentication Adapter for the OneDrive SDK, very easy to use. However, it is always logging in the account the user is currently logged in. I will give your suggestion of the MSAL library a try. Is this an alternative way of authenticating for OneDrive, a newer approach or something else (compared to the MSA Auth Adapter)? Sorry, it's pretty confusing with all those different names (AD, MSAL, Graph, MSA,...) for someone who isn't deep into the topic...

daboxu commented 7 years ago

hi @tipa , probably you can apply a signout browser first because the login page stored user cookie and reuse it if a user has logined before, use desktop app as example:

    await msaAuthProvider.SignOutOfBrowserAsync();
    // browser has cleared the cookie.
    await msaAuthProvider.AuthenticateUserAsync();

NOTE In a word, MSAL and Graph SDK are the direction the MSA Auth Adapter and the OneDrive C# SDK are moving to. The MSA Auth Adapter is the adapter we built for providing authentication for personal and business account separately, as you know there is a MSAAuthProvider for personal account and a ADALAuthProvider for business account. We leave the identify account type logic to developers which do require your efforts, and later as the OAuth service evolves, the identify logic is a part of Azure AD OAuth V2 which supports both personal account and business account. So MSAL and Graph API are the Auth Library and the Service relies on Azure AD V2. As the AD OAuth V2 and Graph unified the application access, and OneDrive API is integrated into Graph API, I would suggest you keeping eyes on the MSAL and Graph SDK for C#.

daboxu commented 7 years ago

close for now and feel free to reopen it if you still have this issue.

tipa commented 7 years ago

Thanks for your comprehensive answer. I will try out your suggestion with the removal of the browser cookies. I also tried the Graph Library in combination with the prerelease auth MSAL library, more specifically I tried out this example but encountered a bunch of issues:

That all says me that this seems to be in an early preview still so I stick with the current OneDrive SDK but will keep my eyes on the new one

daboxu commented 7 years ago

thanks your feedbacks! Yes we do have a long way to go. For 1) newtonsoft.json reference, feel free to report it on the Graph C# SDK issues. 2) auth token probably you want notice the owner of MSAL here. 3) I think I have a backlog for the permission issue, sorry for the inconvenience right now, will be back if it is solved.