Open whoisj opened 9 years ago
ethomson
commented
9 years ago Neat. I'm not super familiar with ADAL. Does it work in Xamarin? Keeping this running in Xamarin and the various PCL profiles is high-priority, so I would like to make sure that it works. If not, then we can either:
I'm not sure which makes the most sense.
ethomson
commented
9 years ago See for example #11 which seems reasonable. If you had opinions on that PR it would be nice, I was getting ready to merge it. :)
whoisj
commented
9 years ago OAuth tokens should be supported. They're a good thing, but they are unscoped; meaning they represent a user account - regardless of domain or usage. They are very powerful tokens.
Session tokens can be scoped and limited in both domain and time. Session tokens allow an app to say things like: "I need to be user_xyz and have access to pull-requests until the end of the month".
In nearly any situation it is better to have a scoped and/or limited version of yourself presented.
As for ADAL, it supports everything - I think. There are likely issues with 2FA flows on Xamarian but I've never actually tried. The Azure folks have been very serious about supporting as many platforms as possible. https://github.com/AzureAD
jasminsehic
commented
5 years ago @gistofj not sure how valid this is today, if it is valid I would be happy to support a PR for this.
Visual Studio Online now has support for scoped access tokens. If Infinity.NET supported them, then there would be no need for any complex authentication protocol support. It would involve a dependency on the Azure Directory Authentication Libraries (ADAL).
If that's allowed, I can help by adding in the required things to support session tokens.