## Azure Active Directory

Azure Active Directory has two OAuth endpoints: v1 and v2. Ideally you'd want to use v2, but it has some limitations, e.g. if your application relies on SAML, you'll have to use v1.
### V1

The main difference between v1 and v2 is that v1 uses resources and v2 uses scopes for access management.

V1 does not specify a revocation endpoint because the access tokens are not revocable. Therefore the `revoke` functionality doesn't work.

See the Azure docs on requesting an access token for more info on additional parameters.

Please Note:

- `Scopes` is ignored.
- `additionalParameters.resource` may be required based on the tenant settings.
```js
const config = {
  issuer: 'https://login.microsoftonline.com/your-tenant-id',
  clientId: 'your-client-id',
  redirectUrl: 'com.myapp://oauth/redirect/',
  additionalParameters: {
    resource: 'your-resource',
  },
};

// Log in to get an authentication token
const authState = await authorize(config);

// Refresh token
const refreshedState = await refresh(config, {
  refreshToken: authState.refreshToken,
});
```
### V2

The V2 endpoint follows the standard OAuth protocol with scopes. Detailed documentation here.
```js
const config = {
  issuer: 'https://login.microsoftonline.com/your-tenant-id/v2.0',
  clientId: 'your-client-id',
  redirectUrl: 'com.myapp://oauth/redirect/',
  scopes: ['openid', 'profile', 'email', 'offline_access'],
};

// Log in to get an authentication token
const authState = await authorize(config);

// Refresh token
const refreshedState = await refresh(config, {
  refreshToken: authState.refreshToken,
});
```
**Important:** When you add your app in the Azure portal and are given a `redirectUrl` to use, make sure you add a trailing slash when you add it to your config, e.g. `msauth.BUNDLEID://auth/`. Failing to add it causes the flow to fail on iOS.
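The following helper is an added example, not code from react-native-app-auth or from the Azure docs. It builds the library config for either endpoint and encodes the points made above: the v1 issuer takes a `resource` in `additionalParameters` and ignores scopes, the v2 issuer ends in `/v2.0` and needs `offline_access` among its scopes for a refresh token to be returned, and the redirect URL must carry a trailing slash. The parameter names `tenantId`, `version`, `resource` and `skewSeconds` are this helper's own; `accessTokenExpirationDate` is the field react-native-app-auth returns from `authorize` and `refresh`. `authorize` and `refresh` themselves are not called so the file runs offline.

```javascript
// Added example: build a react-native-app-auth config for Azure AD v1 or v2.
// Not part of the library; parameter names below are this helper's own.
const AZURE_LOGIN_BASE = 'https://login.microsoftonline.com';

function buildAzureConfig({ tenantId, clientId, redirectUrl, version = 'v2', resource, scopes = [] }) {
  if (!tenantId || !clientId) throw new Error('tenantId and clientId are required');
  if (typeof redirectUrl !== 'string' || redirectUrl.length === 0) {
    throw new Error('redirectUrl is required');
  }

  // iOS requires the registered redirect URI to end with a trailing slash;
  // normalise it so the config matches what was registered in the portal.
  const normalizedRedirect = redirectUrl.endsWith('/') ? redirectUrl : redirectUrl + '/';

  const base = { clientId, redirectUrl: normalizedRedirect };

  if (version === 'v1') {
    // v1 uses resources, not scopes: scopes are ignored, and `resource` may be
    // required depending on tenant settings, so this helper insists on it.
    if (!resource) throw new Error('v1 endpoint: additionalParameters.resource is required');
    return {
      ...base,
      issuer: `${AZURE_LOGIN_BASE}/${tenantId}`,
      additionalParameters: { resource },
    };
  }

  if (version === 'v2') {
    // v2 is standard OAuth with scopes. Without `offline_access` no refresh
    // token is issued, so a later refresh(...) would have nothing to send.
    if (!scopes.includes('offline_access')) {
      throw new Error('v2 endpoint: include offline_access in scopes to receive a refresh token');
    }
    return {
      ...base,
      issuer: `${AZURE_LOGIN_BASE}/${tenantId}/v2.0`,
      scopes: [...scopes],
    };
  }

  throw new Error(`unknown Azure AD endpoint version: ${version}`);
}

// Decide whether the stored access token should be refreshed before use.
// `accessTokenExpirationDate` is the ISO-8601 string in the authorize/refresh
// result; `skewSeconds` is this helper's own safety margin for clock drift.
function shouldRefresh(authState, nowMs = Date.now(), skewSeconds = 60) {
  const expiresMs = Date.parse(authState.accessTokenExpirationDate);
  if (Number.isNaN(expiresMs)) return true; // unparsable expiry: treat as expired
  return expiresMs - nowMs <= skewSeconds * 1000;
}

// Usage (constructed values, not real tenant or client ids):
const v2Config = buildAzureConfig({
  tenantId: 'your-tenant-id',
  clientId: 'your-client-id',
  redirectUrl: 'msauth.BUNDLEID://auth', // trailing slash is added for you
  scopes: ['openid', 'profile', 'email', 'offline_access'],
});
console.log(v2Config.issuer, v2Config.redirectUrl);
```

Call `shouldRefresh(authState)` before each API request and run `refresh(config, { refreshToken: authState.refreshToken })` when it returns true; the 60-second skew avoids sending a token that expires while the request is in flight.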
**Logout:** To properly implement the logout functionality, please refer to the necessary requirements outlined in this comment.