ProgressNS / sidekick-feedback

This repository is for feedback regarding NativeScript Sidekick. Use the issues system here to submit feature requests or vote for existing ones.

Questions about Enterprise Auth template #140

Open alexrainman opened 6 years ago

alexrainman commented 6 years ago

Why is it tied to Kinvey?

I want to do SSO with Azure AD the same as I do using Microsoft ADAL libraries with these parameters:

Will the template be available in TypeScript? No Angular?

teobugslayer commented 6 years ago

Hello Alex,

The team released the template versions for JavaScript and TypeScript - please try them and give us your feedback!

About using Azure AD - it is not possible currently to use these arguments, but this is on our roadmap for the near future.

About why it is tied to Kinvey - because we wanted to make enterprise authentication workflows easy for mobile app developers and Kinvey's infrastructure already delivered this. Kinvey and Telerik are both owned by Progress and it is natural to combine the strengths of our products into a single offering.

teobugslayer commented 6 years ago

Hello @alexrainman,

I got an update.

Currently we do support authority and redirect uri. 'Authority' is the same as the grant endpoint in the OAuth2 configuration. The redirect uri is also a configurable option in our oauth2 configuration. For this, you would need to set your Identity Provider to accept the redirect URI of "https://auth.kinvey.com/oauth2/redirect". Then in your Sidekick OAuth2 Configuration, you can add your client redirect URIs. We currently do not support GraphResourceUri and Domain_Hint. We are currently investigating what it would take to be able to include those and will provide an update within a couple of weeks.

alexrainman commented 6 years ago

@teobugslayer I still don't know what to put in all the fields OAuth2 requires. Can you provide a screenshot?

alexrainman commented 6 years ago

For example: Azure AD doesn't provide "Client Secret" and it's required by your OAuth2 template.

alexrainman commented 6 years ago

And I get an error when I provide all the fields and a fake Client Secret. I think you guys may provide an extra option for Azure AD with the required fields for it to work. To get that done you may integrate ADAL native libraries instead of using Kinvey. Here's a plugin: https://github.com/NavaraBV/nativescript-adal but you may be able to make it better.

alexrainman commented 6 years ago

Here you have some C# code snippets on how to invoke a login using ADAL:

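// Namespaces used below: System, System.Linq, System.Threading.Tasks, Microsoft.IdentityModel.Clients.ActiveDirectory (ADAL)
const string Authority = "https://login.windows.net/common";
const string GraphResourceUri = "https://graph.windows.net"; // or a graph registered back-end url the app will access
const string clientId = "1ff78c4b-414f-44c7-834b-XXXXXXX";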
const string ReturnUri = "http://demo-redirect"; // it can be any url even a fake one :)
const string domain_hint = "domain_hint=yourdomain.com"; // this is the domain of the identity provider

iOS:

public async Task<AuthenticationResult> Authenticate()
{
      var authContext = new AuthenticationContext(Authority);
      if (authContext.TokenCache.ReadItems().Any())
          authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);
      var controller = UIApplication.SharedApplication.KeyWindow.RootViewController;
      var uri = new Uri(ReturnUri);
      var platformParams = new PlatformParameters(controller);
      var authResult = await authContext.AcquireTokenAsync(GraphResourceUri, clientId, uri, platformParams, UserIdentifier.AnyUser, domain_hint);
      return authResult;
}

Android:

public async Task<AuthenticationResult> Authenticate()
{
      var authContext = new AuthenticationContext(Authority);
      if (authContext.TokenCache.ReadItems().Any())
          authContext = new AuthenticationContext(authContext.TokenCache.ReadItems().First().Authority);
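      // Application.Context is the application context, not an Activity, so this cast fails at run time; use the current Activity here.
      var activity = (Activity)Application.Context;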
      var uri = new Uri(ReturnUri);
      var platformParams = new PlatformParameters(activity);
      var authResult = await authContext.AcquireTokenAsync(GraphResourceUri, clientId, uri, platformParams, UserIdentifier.AnyUser, domain_hint);
      return authResult;
}
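The four parameters discussed in this thread (authority, resource URI, redirect URI, domain_hint) as they appear in an OAuth2 authorization-code request, with the checks a redirect handler should apply to the callback. This is an added example, not code from the thread, the Sidekick template, Kinvey or ADAL; the function names, the placeholder client id and the Azure AD v1 `/oauth2/authorize` path layout are assumptions of the example.

```javascript
// Added example; buildAuthorizeRequest/parseCallback are hypothetical helpers.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Values quoted in the thread; the client id is a constructed placeholder.
const config = {
  authority: 'https://login.windows.net/common',
  resource: 'https://graph.windows.net',
  clientId: '00000000-0000-0000-0000-000000000000',
  redirectUri: 'https://auth.kinvey.com/oauth2/redirect',
  domainHint: 'yourdomain.com',
};

// Build the authorization request and the random state to remember for it.
function buildAuthorizeRequest(cfg) {
  const state = randomBytes(16).toString('hex');
  const url = new URL(cfg.authority + '/oauth2/authorize');
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', cfg.clientId);
  url.searchParams.set('redirect_uri', cfg.redirectUri);
  url.searchParams.set('resource', cfg.resource);
  url.searchParams.set('state', state);
  // domain_hint is an extra query parameter, as in the ADAL call above.
  if (cfg.domainHint) url.searchParams.set('domain_hint', cfg.domainHint);
  return { url: url.toString(), state };
}

// Return the authorization code only if the callback hits the registered
// redirect URI exactly and echoes the state that was issued; otherwise throw.
function parseCallback(callbackUrl, cfg, expectedState) {
  const cb = new URL(callbackUrl);
  const registered = new URL(cfg.redirectUri);
  if (cb.origin !== registered.origin || cb.pathname !== registered.pathname) {
    throw new Error('redirect URI mismatch');
  }
  const err = cb.searchParams.get('error');
  if (err) throw new Error('authorization failed: ' + err);
  const got = Buffer.from(cb.searchParams.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = cb.searchParams.get('code');
  if (!code) throw new Error('missing code');
  return code;
}
```

The redirect URI is compared by origin and path rather than by prefix, so a look-alike host or a longer path is rejected.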