I'm trying to create a SyncAdapter for Microsoft calendars and the first step is Authentication. i'm using com.microsoft.aad:adal:2.0.4-alphaand using this code for first authentication:
getAuthenticationContext().acquireToken(
mContextActivity,
Constants.SCOPES.split(" "),
null,
Constants.CLIENT_ID,
Constants.REDIRECT_URI,
PromptBehavior.Auto,
new AuthenticationCallback<AuthenticationResult>() {
#Override
public void onSuccess(final AuthenticationResult authenticationResult) {
if (authenticationResult != null && authenticationResult.getStatus() ==
AuthenticationResult.AuthenticationStatus.Succeeded) {
dependencyResolver = new ADALDependencyResolver(
getAuthenticationContext(),
resourceId,
Constants.CLIENT_ID);
token = authenticationResult.getToken();
UserInfo userInfo = authenticationResult.getUserInfo();
if (userInfo != null) {
userIdentifier = new UserIdentifier(userInfo.getUniqueId(),
UserIdentifier.UserIdentifierType.UniqueId);
}
}
}
#Override
public void onError(Exception t) {
Log.e("initialize", "onError : " + t.getMessage());
result.setException(t);
}
}
);
this works perfectly and after entering username and password i can get token.
BUT this is for sync adapter and at some point i need to get token silently. so i used this code:
public void getTokenSilent() {
getAuthenticationContext()
.acquireTokenSilent(Constants.SCOPES.split(" "),
Constants.CLIENT_ID,
userIdentifier,
new AuthenticationCallback<AuthenticationResult>() {
#Override
public void onSuccess(
AuthenticationResult authenticationResult) {
UserInfo userInfo = authenticationResult.getUserInfo();
}
#Override
public void onError(Exception e) {
Log.e("getTokenSilent", "onError : " + e.getMessage());
}
});
}
After executing this code i got the error:
AUTH_REFRESH_FAILED_PROMPT_NOT_ALLOWED Prompt is not allowed and failed to get token: ver:2.0.4-alpha
onError : Refresh token is failed and prompt is not allowed
how can i resolve this error and get or refresh token silently?
tnx in advance.
If you want to get the token silently, there are two ways for using Azure AD V2.0 endpoint.
First, acquire the access token and refresh token interactively, then get the access token in the cache or renew the access token using refresh token via acquireTokenSilent method.
Second is that the Azure AD V2.0 endpoint also support the Client Credentials flow(refer here) which normally used for the service daemon application. However the MSAL for android doesn't support this flow at present. You need to implement it yourself. You can follow this article about detail of this flow. And this flow only works for the Azure AD account.
Related
We want to integrate social login with aws. We get facebook token from facebook SDK then we pass it to AWS client. But It gives a below error.
Code:
AWSMobileClient.getInstance().initialize(SignUpActivity.this, new Callback<UserStateDetails>() {
#Override
public void onResult(UserStateDetails result) {
try {
AWSMobileClient.getInstance().federatedSignIn("graph.facebook.com", token,
new Callback<UserStateDetails>() {
#Override
public void onResult(final UserStateDetails userStateDetails) {
//Handle the result
Log.d("AA", "onResult: " + userStateDetails.getDetails());
}
#Override
public void onError(Exception e) {
Log.e("AAA", "sign-in error", e);
}
});
} catch (Exception e) {
}
}
#Override
public void onError(Exception e) {
}
});
Caused by: com.amazonaws.AmazonServiceException: 1 validation error detected: Value 'us-east-1_xxxxxxxx' at 'identityPoolId' failed to satisfy constraint: Member must satisfy regular expression pattern: [\w-]+:[0-9a-f-]+ (Service: AmazonCognitoIdentity; Status Code: 400; Error Code: ValidationException; Request ID: fd3202ef-abxx-xxxx-xx7c-xxxxxxxxxxx)
Please provide us a solution. Thanks in advance.
You're going to need to provide more details than that. What is your request to Cognito? It looks like you may be passing in the incorrect payload for the AWS request.
Check out the AWS Cognito User Pool Auth docs: https://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html
I am trying to sign in to my android application using Microsoft Single Sign on, using MSAL implemenation as provided here.
In onCreate
mApp = new PublicClientApplication(this.getApplicationContext(), API.CLIENT_ID, API.AUTHORITY);
When the user presses "Sign in with Microsoft" option, I call the method to acquire token as
mApp.acquireToken(this, getResources().getStringArray(R.array.msal_scopes), getAuthInteractiveCallback());
After handling redirect request in onActivityResult, I grab the authentication response at the callback as
private AuthenticationCallback getAuthInteractiveCallback() {
return new AuthenticationCallback() {
#Override
public void onSuccess(AuthenticationResult authenticationResult) {
/* Successfully got a token, use it to call a protected resource */
accessToken = authenticationResult.getAccessToken();
Log.d("AuthSuccess"," "+accessToken);
}
#Override
public void onError(MsalException exception) {
/* Failed to acquireToken */
Log.d("AuthFail"," "+exception.getMessage());
if (exception instanceof MsalClientException) {
/* Exception inside MSAL, more info inside MsalError.java */
} else if (exception instanceof MsalServiceException) {
/* Exception when communicating with the STS, likely config issue */
}
}
#Override
public void onCancel() {
/* User canceled the authentication */
}
};
}
The problem is, AuthenticationResult object gives the access token, but not the refresh token. The object simply does not have refresh token as one of it's parameter. Do I need to further call another method to grab the refresh token as well? How does one get both access and refresh token from microsoft single sign on using MSAL?!
Currently, the library is not exposing the refresh token:
https://github.com/AzureAD/microsoft-authentication-library-for-android/issues/202
How do I implement oauth 2.0 in Android? I was able to obtain a token but
https://api.linkedin.com/v1/people/~:(email-address,first-name,last-name)?oauth2_access_token=
was not able to verify it. How do I send my client id as parameter? I used the following code to authenticate.
LISessionManager.getInstance(getApplicationContext()).init(this, buildScope(), new AuthListener() {
#Override
public void onAuthSuccess() {
LISessionManager liSessionManager = LISessionManager.getInstance(getApplicationContext());
handleLinkedIn(liSessionManager);
Log.d( "success", LISessionManager.getInstance(getApplicationContext()).getSession().getAccessToken().toString());
}
#Override
public void onAuthError(LIAuthError error) {
Toast.makeText(getApplicationContext(), "failed " + error.toString(), Toast.LENGTH_LONG).show();
}
}, true);
I used this method to obtain the access token.
LISessionManager.getInstance(getApplicationContext()).getSession().getAccessToken().toString()
That is not the correct access token that you are sending. See this example get access token from linkedIn
I am working with ADAL from
https://github.com/Azure-Samples/active-directory-android
My code mimics the sample very close
mAuthContext.acquireToken(ToDoActivity.this, Constants.RESOURCE_ID,
Constants.CLIENT_ID, Constants.REDIRECT_URL, Constants.USER_HINT,
new AuthenticationCallback<AuthenticationResult>() {
#Override
public void onError(Exception exc) {
if (mLoginProgressDialog.isShowing()) {
mLoginProgressDialog.dismiss();
}
Toast.makeText(getApplicationContext(),
TAG + "getToken Error:" + exc.getMessage(), Toast.LENGTH_SHORT)
.show();
navigateToLogOut();
}
#Override
public void onSuccess(AuthenticationResult result) {
if (mLoginProgressDialog.isShowing()) {
mLoginProgressDialog.dismiss();
}
if (result != null && !result.getAccessToken().isEmpty()) {
setLocalToken(result);
sendRequest();
} else {
navigateToLogOut();
}
}
});
I pass in the user's email address, but if the user changes it and uses a different one the ADAL library on the onSuccess never tells me the user changed it. The AuthenticationResult has a field calls mUserInfo that that should contain user's first name/last name email etc.
But for me every successful login mUserInfo=null.
Anyone know how to get ADAL to return a fully populated mUserInfo object?
thanks
Tom
Userinfo is constructed from the ID_token retuned from the server. In case of adfs blue (3.0), it does not return an ID_token and hence you cannot truly know what user signed in at the IDP. Adfs threshold supports ID_token if you can upgrade.
I am trying to login to firebase using google login. The google login is successful. After this I invoke authWithOAuthToken and I am getting below error.
Due to another authentication attempt, this authentication attempt was aborted before it could complete. Error Code = -5
Few other questions:
Do we need to call authWithOAuthToken at all (after google login)? I noticed I could add data to firebase database even without call.
If above is not required, how can I get uid (which is firebase user id same across providers). At present we can get this from AuthData.
Code Snippet Below.
baseFirebaseRef.authWithOAuthToken("google", oAuthTokenStr, new Firebase.AuthResultHandler() {
// #Override
public void onAuthenticated(AuthData authData) {
// the Google user is now authenticated with your Firebase app
Log.d(currentScreenName, "------On Firebase Authentication. Success");
}
// #Override
public void onAuthenticationError(FirebaseError firebaseError) {
// there was an error
Log.e(currentScreenName, "------Error On Firebase Authentication......." + firebaseError.getDetails() +
"Error Message = "+ firebaseError.getMessage() + " Error Code = "+ firebaseError.getCode()) ;
}
});
I called unauth() and then called authWithOAuthToken().