
Microsoft account with MicrosoftAccountAuthenticationOptions does not seem to work


I understand Microsoft updated their APIs recently. I created a new app at https://apps.dev.microsoft.com

Application Id: 388e0946-5fa0-4143-8e7a-97141200f6a6
Password: obu****************************

Platforms: Web
Allow Implicit Flow: YES
Redirect URIs:
https://localhost:44300/signin-microsoft
https://ufotoday.com/signin-microsoft

Microsoft Graph Permissions: User.Read
Application Permissions: Profile

I did not use “generate new key pair” (not sure what it is for).

I know that before it was not possible to test on localhost; this is tested live on UFOToday.com, but I keep getting “access denied”.

response_type=code seems suspicious; I would think code may be replaced with something else (not sure). See https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-permissions

I noticed that the name of the scope changed from wl.emails wl.birthday, so I’m just trying with what I saw in the example code, “openid email profile” (otherwise it’s breaking).

My code:

// https://account.live.com/developers/applications
// https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins

var microsoftAuthOptions = new MicrosoftAccountAuthenticationOptions();
microsoftAuthOptions.ClientId = currentPortalProviders.MicrosoftLiveClientId;
microsoftAuthOptions.ClientSecret = currentPortalProviders.MicrosoftLiveClientSecret;
microsoftAuthOptions.CallbackPath = new PathString("/signin-microsoft");

// See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/
microsoftAuthOptions.Scope.Add("openid");
microsoftAuthOptions.Scope.Add("email");
microsoftAuthOptions.Scope.Add("profile");

microsoftAuthOptions.Provider = new MicrosoftAccountAuthenticationProvider()
{
    OnAuthenticated = (context) =>
    {
        context.Identity.AddClaim(new Claim("urn:microsoft:access_token", context.AccessToken));

        var expiryDuration = context.ExpiresIn ?? new TimeSpan();
        context.Identity.AddClaim(new Claim("urn:microsoft:expires_in", DateTime.UtcNow.Add(expiryDuration).ToString(CultureInfo.InvariantCulture)));

        if (context.Email != null) context.Identity.AddClaim(new Claim("urn:microsoft:email", context.Email));
        if (context.Id != null) context.Identity.AddClaim(new Claim("urn:microsoft:id", context.Id));
        if (context.Name != null) context.Identity.AddClaim(new Claim("urn:microsoft:name", context.Name));
        if (context.FirstName != null) context.Identity.AddClaim(new Claim("urn:microsoft:first_name", context.FirstName));
        if (context.LastName != null) context.Identity.AddClaim(new Claim("urn:microsoft:last_name", context.LastName));

        // Add all other available claims
        foreach (var claim in context.User)
        {
            var claimType = string.Format("urn:microsoft:{0}", claim.Key);
            var claimValue = claim.Value.ToString();
            if (!context.Identity.HasClaim(claimType, claimValue))
                context.Identity.AddClaim(new Claim(claimType, claimValue, "XmlSchemaString", "Microsoft"));
        }

        return Task.FromResult(0);
    }
};
app.UseMicrosoftAccountAuthentication(microsoftAuthOptions);

This is what I’m getting:

Request URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid email profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2Fsignin-microsoft&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA
Request Method: GET
Status Code: 200 OK
Remote Address: 23.100.32.136:443
Referrer Policy: no-referrer-when-downgrade

Request URL: https://login.live.com/oauth20_authorize.srf?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid email profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2Fsignin-microsoft&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA&login_hint=yovavgad%40gmail.com&ui_locales=en-US&display=page&uaid=aedea0ead6e94294a42ad04754ced973&issuer=mso&tenant=common&msproxy=1
Request Method: GET
Status Code: 302 Found
Remote Address: 131.253.61.96:443
Referrer Policy: no-referrer-when-downgrade

Request URL: https://ufotoday.com/signin-microsoft?code=Mde1a1f82-19ea-afb6-faed-6492578ef127&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA
Request Method: GET
Status Code: 302
Remote Address: 52.183.33.89:443
Referrer Policy: no-referrer-when-downgrade

Request URL: https://ufotoday.com/signup-connect?error=access_denied
Request Method: GET
Status Code: 302
Remote Address: 52.183.33.89:443
Referrer Policy: no-referrer-when-downgrade

Does it work for anyone else?
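
Added example, not part of the original issue or of the Katana project's code: a small Python check that reads a browser redirect chain like the one above and reports at which stage an authorization-code flow failed. The trace is constructed with the same shape as the one in the post; the client_id, state and code values are placeholders, and the function names and result labels are assumptions of this example.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed trace shaped like the one in the post; client_id, state and
# code are placeholders, not the values from the issue.
TRACE = [
    "https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
    "?client_id=00000000-0000-0000-0000-000000000000&scope=openid%20email%20profile"
    "&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2Fsignin-microsoft"
    "&state=STATE-PLACEHOLDER",
    "https://ufotoday.com/signin-microsoft?code=CODE-PLACEHOLDER&state=STATE-PLACEHOLDER",
    "https://ufotoday.com/signup-connect?error=access_denied",
]


def _query(url):
    """Return (scheme://host/path, {param: first value}) for a URL."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    return f"{parts.scheme}://{parts.netloc}{parts.path}", params


def locate_failure(trace):
    """Classify where an authorization-code flow failed from its redirect chain."""
    authorize = redirect_uri = state = None
    code_issued = False
    for url in trace:
        base, q = _query(url)
        if q.get("response_type") == "code" and "redirect_uri" in q:
            # Authorization request (or a provider-internal hop repeating it).
            authorize, redirect_uri, state = base, q["redirect_uri"], q.get("state")
            continue
        if authorize is None:
            continue
        if base == redirect_uri:
            if q.get("state") != state:
                return "state-mismatch"      # callback does not belong to this request
            if "error" in q:
                return "provider-denied"     # the authorization server refused
            code_issued = "code" in q
        elif "error" in q:
            # Error surfaced on a non-callback URL of the application itself.
            return "app-after-code" if code_issued else "app-before-code"
    return "no-error-seen" if code_issued else "callback-never-reached"
```

A result of `app-after-code` means the authorization server issued a code with a matching state, and the error was produced by the application's own handling after the callback, a step that runs server-side and does not appear in the browser trace.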

Issue Analytics

  • State: closed
  • Created 6 years ago
  • Reactions: 2
  • Comments: 30 (7 by maintainers)

Top GitHub Comments

1 reaction
AjmalVh commented, Jul 7, 2017

Facing same issue here 😞

1 reaction
Tratcher commented, Apr 26, 2017

There is no update currently scheduled for v3.1 to include this in.
