[Feature Request] Detect and support Easy Auth
This issue is for a: (mark with an x)
- [ ] bug report -> please search issues before submitting
- [x] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
The issue was found for the following scenario:
Please add an ‘x’ for the scenario(s) where you found an issue
- Web app that signs in users
  - [x] with a work and school account in your organization: 1-WebApp-OIDC/1-1-MyOrg
  - [x] with any work and school account: /1-WebApp-OIDC/1-2-AnyOrg
  - [x] with any work or school account or Microsoft personal account: 1-WebApp-OIDC/1-3-AnyOrgOrPersonal
  - [x] with users in National or sovereign clouds 1-WebApp-OIDC/1-4-Sovereign
  - with B2C users 1-WebApp-OIDC/1-5-B2C
- Web app that calls Microsoft Graph
  - [x] Calling graph with the Microsoft Graph SDK: 2-WebApp-graph-user/2-1-Call-MSGraph
  - With specific token caches: 2-WebApp-graph-user/2-2-TokenCache
  - Calling Microsoft Graph in national clouds: 2-WebApp-graph-user/2-4-Sovereign-Call-MSGraph
- Web app calling several APIs 3-WebApp-multi-APIs
- Web app calling your own Web API 4-WebApp-your-API
- Web app restricting users
  - by Roles: 5-WebApp-AuthZ/5-1-Roles
  - by Groups: 5-WebApp-AuthZ/5-2-Groups
- Deployment to Azure
- Other (please describe)
Repro-ing the issue
Repro steps
Enable AAD authentication with Easy Auth (on an App Service). See https://docs.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-auth-aad
Expected behavior
- The Web App should sign in the user that was authenticated with Easy Auth (by using the X-MS-TOKEN-AAD-ID-TOKEN, and possibly X-MS-TOKEN-PRINCIPAL-NAME)
- The Web App should be able to call any Web APIs from the refresh token provided by Easy Auth (using MSAL.NET AcquireTokenByRefreshToken)
Actual behavior
Does not work as 2 validations occur
Possible Solution
Additional context / Error codes / Screenshots
Open question: How to validate the refresh token? We could validate the Access token and require both …
Issue Analytics
- State:
- Created 4 years ago
- Comments:5 (1 by maintainers)
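The first expected-behaviour bullet, sketched as ASP.NET Core middleware. This is an added example, not code from the issue or from the library it was filed against; the class name, the `WEBSITE_AUTH_ENABLED` check, the expiry check and the `preferred_username`/`roles` claim names (a v2.0 ID token) are assumptions.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Added example: populates HttpContext.User from the Easy Auth ID token header.
public sealed class EasyAuthPrincipalMiddleware
{
    // Header named in the issue; App Service fills it in after it has signed the user in.
    private const string IdTokenHeader = "X-MS-TOKEN-AAD-ID-TOKEN";
    // Assumption: App Service sets this variable to "True" when Easy Auth is enabled.
    private const string EasyAuthEnabledVariable = "WEBSITE_AUTH_ENABLED";
    private readonly RequestDelegate _next;

    public EasyAuthPrincipalMiddleware(RequestDelegate next) => _next = next;

    public static bool IsEasyAuthEnabled() =>
        string.Equals(Environment.GetEnvironmentVariable(EasyAuthEnabledVariable),
                      "True", StringComparison.OrdinalIgnoreCase);

    public async Task InvokeAsync(HttpContext context)
    {
        // Outside App Service nothing strips this header, so a client could forge it:
        // trust it only when the platform reports that Easy Auth is active.
        if (IsEasyAuthEnabled()
            && context.Request.Headers.TryGetValue(IdTokenHeader, out var values)
            && TryReadPrincipal(values.ToString(), out var principal))
        {
            context.User = principal;
        }
        await _next(context);
    }

    // Parses the JWT without checking its signature, relying on Easy Auth having
    // validated the sign-in before forwarding the request to the app.
    public static bool TryReadPrincipal(string idToken, out ClaimsPrincipal principal)
    {
        principal = null;
        var handler = new JwtSecurityTokenHandler();
        if (!handler.CanReadToken(idToken)) return false;
        JwtSecurityToken jwt = handler.ReadJwtToken(idToken);
        if (jwt.ValidTo < DateTime.UtcNow) return false; // missing or past "exp"
        var identity = new ClaimsIdentity(jwt.Claims, "EasyAuth", "preferred_username", "roles");
        principal = new ClaimsPrincipal(identity);
        return true;
    }
}
```

Register it with `app.UseMiddleware<EasyAuthPrincipalMiddleware>()` ahead of authorization so that `[Authorize]` sees the populated user.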
Top GitHub Comments
Included in 1.2.0 release.
I looked at UseAzureAppServices() and it’s only for logging (cc: @navyasric)
See also http://jsandersblog.azurewebsites.net/2020/01/17/easy-auth-using-x-ms-token-aad-access-token-as-a-bearer-token/