Microsoft account with MicrosoftAccountAuthenticationOptions does not seem to work
I understand Microsoft updated their APIs recently. I created a new app at https://apps.dev.microsoft.com
Application Id: 388e0946-5fa0-4143-8e7a-97141200f6a6
Password: obu****************************
Platforms: Web
Allow Implicit Flow: YES
Redirect URIs: https://localhost:44300/ signin-microsoft https://ufotoday.com/ signin-microsoft
Microsoft Graph Permissions: User.Read
Application Permissions: Profile
I did not use “generate new key pair” (not sure what it is for).
I know that before it was not possible to test on localhost. This is tested live on UFOToday.com, but I keep getting “access denied”.
response_type=code seems suspicious; I would think code may be replaced with something else (not sure), see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-permissions
I noticed that the name of the scope changed from wl.emails wl.birthday, so I’m just trying with what I saw in the example code “openid email profile” (otherwise it’s breaking).
My code:
    // https://account.live.com/developers/applications
    // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins
    var microsoftAuthOptions = new MicrosoftAccountAuthenticationOptions();
    microsoftAuthOptions.ClientId = currentPortalProviders.MicrosoftLiveClientId;
    microsoftAuthOptions.ClientSecret = currentPortalProviders.MicrosoftLiveClientSecret;
    microsoftAuthOptions.CallbackPath = new PathString("/signin-microsoft");
    // See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/
    microsoftAuthOptions.Scope.Add("openid");
    microsoftAuthOptions.Scope.Add("email");
    microsoftAuthOptions.Scope.Add("profile");
    microsoftAuthOptions.Provider = new MicrosoftAccountAuthenticationProvider()
    {
        OnAuthenticated = (context) =>
        {
            context.Identity.AddClaim(new Claim("urn:microsoft:access_token", context.AccessToken));
            var expiryDuration = context.ExpiresIn ?? new TimeSpan();
            context.Identity.AddClaim(new Claim("urn:microsoft:expires_in", DateTime.UtcNow.Add(expiryDuration).ToString(CultureInfo.InvariantCulture)));
            if (context.Email != null) context.Identity.AddClaim(new Claim("urn:microsoft:email", context.Email));
            if (context.Id != null) context.Identity.AddClaim(new Claim("urn:microsoft:id", context.Id));
            if (context.Name != null) context.Identity.AddClaim(new Claim("urn:microsoft:name", context.Name));
            if (context.FirstName != null) context.Identity.AddClaim(new Claim("urn:microsoft:first_name", context.FirstName));
            if (context.LastName != null) context.Identity.AddClaim(new Claim("urn:microsoft:last_name", context.LastName));
            // Add all other available claims
            foreach (var claim in context.User)
            {
                var claimType = string.Format("urn:microsoft:{0}", claim.Key);
                var claimValue = claim.Value.ToString();
                if (!context.Identity.HasClaim(claimType, claimValue))
                    context.Identity.AddClaim(new Claim(claimType, claimValue, "XmlSchemaString", "Microsoft"));
            }
            return Task.FromResult(0);
        }
    };
    app.UseMicrosoftAccountAuthentication(microsoftAuthOptions);
This is what I’m getting:
Request URL:https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid email profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2F signin-microsoft &state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA Request Method:GET Status Code:200 OK Remote Address:23.100.32.136:443 Referrer Policy:no-referrer-when-downgrade
Request URL:https://login.live.com/oauth20_authorize.srf?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid email profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2F signin-microsoft &state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA&login_hint=yovavgad%40gmail.com&ui_locales=en-US&display=page&uaid=aedea0ead6e94294a42ad04754ced973&issuer=mso&tenant=common&msproxy=1 Request Method:GET Status Code:302 Found Remote Address:131.253.61.96:443 Referrer Policy:no-referrer-when-downgrade
Request URL:https://ufotoday.com/ signin-microsoft ?code=Mde1a1f82-19ea-afb6-faed-6492578ef127&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA Request Method:GET Status Code:302 Remote Address:52.183.33.89:443 Referrer Policy:no-referrer-when-downgrade
Request URL:https://ufotoday.com/signup-connect?error=access_denied Request Method:GET Status Code:302 Remote Address:52.183.33.89:443 Referrer Policy:no-referrer-when-downgrade
Does it work for anyone else?
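Added example, not part of the original issue or of the project's code: a Python check that reads a redirect chain like the one captured above and reports at which hop the authorization-code flow failed. The trace is constructed, with a placeholder host, client id, code and state; `TRACE` and `diagnose` are hypothetical names.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed trace modelled on the requests in the issue; host, client id,
# code and state are placeholders, not the values from the original post.
TRACE = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=CLIENT-ID&scope=openid%20email%20profile&response_type=code"
    "&redirect_uri=https%3A%2F%2Fapp.example%2Fsignin-microsoft&state=STATE-1",
    "https://app.example/signin-microsoft?code=CODE-PLACEHOLDER&state=STATE-1",
    "https://app.example/signup-connect?error=access_denied",
]


def _query(url):
    """Return (scheme://host/path, {param: first value}) for a URL."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return f"{parts.scheme}://{parts.netloc}{parts.path}", params


def diagnose(trace):
    """Locate the hop at which an authorization-code flow failed."""
    hops = [_query(u) for u in trace]
    # The first hop carrying response_type is the authorization request.
    request = next((p for _, p in hops if "response_type" in p), None)
    if request is None:
        return "no authorization request in trace"
    if request["response_type"] != "code":
        return "not an authorization-code flow"
    redirect_uri = request.get("redirect_uri")
    callback = next((p for base, p in hops if base == redirect_uri), None)
    if callback is None:
        return "identity provider never redirected back to redirect_uri"
    if "error" in callback:
        return f"identity provider returned error={callback['error']}"
    if "code" not in callback:
        return "callback carries neither code nor error"
    if callback.get("state") != request.get("state"):
        return "state mismatch on callback (possible CSRF or lost correlation)"
    # The provider did its part; any later error comes from the application.
    origin = "{0.scheme}://{0.netloc}/".format(urlsplit(redirect_uri))
    for base, params in hops:
        if base.startswith(origin) and "error" in params:
            return f"code issued; application failed after callback with error={params['error']}"
    return "code issued and no error observed"
```

For a chain shaped like the one in the issue, `diagnose(TRACE)` reports that a code was issued with a matching state and that the `access_denied` error was added by the application after the callback.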
Top GitHub Comments
Facing same issue here 😞
There is no update currently scheduled for v3.1 to include this in.