How to integrate Azure AD SSO in flutter app - authentication

I want to add authentication with SSO using azure AD in flutter app.But I didn't find any helpful doc for integration with flutter.So any suggestion will be of great help.

Currently, there is no native SDK for Flutter to integrate with AAD.
Here is a Flutter OAuth package for performing user authentication against Azure Active Directory OAuth2 V2.0 endpoint.
Regarding Single sign-on, you can refer to this document.

I'm not sure, if you are still looking. May be this will be useful for others. Build Azure B2C service authentication
https://github.com/MaikuB/flutter_appauth
Full application code can be found here https://nicksnettravels.builttoroam.com/connecting-flutter-to-azure-ms-ignite/

Related

Blazor Client (webassembly) Facebook or Google login

I know it isn't a specific issue, but can you give me any guideline how to create Facebook or Google login for Blazor Client (Webassembly) app?
I emphasize Client (so not Server!) because it is exist and working well.
Or just tell me that it is possible? And need I use the server (asp.net core web api) or the client would be enough itself?
I appreciate any hint.
I've found docs on MS page regarding 3rd login providers. And this article describes OIDC auth process. The Blazor wasm authentication uses oidc-client.js library, which is capable of oauth2 and oidc. Therefore, it is possible and client should be enough(see the quote below).
The server hosting the app doesn't play a role.
However, I haven't found any examples of this.

Good Testing approach for a Azure AD B2C

I am working as a tester on a new Web Application that uses Azure B2C, And I am looking for the appropriate approach to handle this project. Please suggest me some ideas
It's the same approach as testing any Azure AD application.
Test all the profiles e.g. sign up / sign-in / reset password.
For any API secured by B2C, use automated testing and use the Resource Owner Password flow for the credentials.

Develop .netcore web api with open id connect security while accessing

we have a website which is accessible after azure AD authentication with Open ID connect.
So now the requirement is, we need to develop a .net core web api and need to access this web api from above website.
Need some guidance on developing this web api and how can we access this web api from website securely. Can we use the token method or the JWT or any other way instead of secret key and api key.
Please share any useful link if possible.
Much Thanks
Anuraj
For dotnet core web API project sample you can see here which build on using openID connect.
Once you have build API you need to register it on azure portal. Beside you have assign permission on your application which you are looking forward to access from out side.
Here you can have a look on how to register app on azure portal
After successful registration make sure you have allowed API permission you need like below screen shot:
Here is same thread for API permission guide line you can have a look on.
This is also helpful for you to test it on postman example.
IF you have any complexities regarding implementation let me know. Thanks
You can rely on Microsoft documentation to understand how to properly create a .NET Core Web API with MVC.
Also yes you can use token or JWT or OAuth2 or any authentication method. Here's an useful link: https://auth0.com/blog/securing-asp-dot-net-core-2-applications-with-jwts/
You can then try to code something and eventually ask a more specific problem about coding here in SO.

Azure AD or IdentityServer with Web API, understanding the concepts

Be warned possibly noob question ahead.
I'm a little unsure where exactly Azure AD or IdentityServer is supposed to fit in in the overall communication flow.
Here is a scenario that I often face.
Some "dumb" client (e.g. a Windows App that can't use external assemblies or some JavaScript in a web app) has to contact my Web API which will then contact other APIs or other resources.
If I want to try and implement either Azure AD or IdentityServer as a means of authentication and authorization in the Web API, I don't see that this can be done in any other way, than it has to be the Web API that communicates with Azure AD or IdentityServer as the client doesn't have the ability to do so due to the lack of required assemblies.
If this assumption is not correct, then how would I do this?
If it is correct however, then what means of security is there between the client and the Web API other than communicating over HTTPS when the client has to send it's credentials to the Web API, so the Web API can authenticate and authorize the user against either Azure AD or IdentityServer?
If I understand your requirements correctly, then you are able to change the client Windows app, but unable to add external assemblies to it? So you would not be able to add the ADAL NuGet package to it.
You can still use Azure AD authentication - it is possible, but not trivial, to implement the client code yourself.
Or you can, as you already mentioned, pass the user's credentials to the Web API somehow, and then use that to have the Web API do authentication towards Azure AD on behalf of the user. There is a sample app which shows how to use username/password credentials.
This however, goes against the whole OAuth/OpenIdConnect mindset, where your app should never know the user's credentials.
Here:
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/develop/active-directory-v2-protocols-oidc.md
Be careful with trying to use the most recent version of the Azure AD endpoint (just don't use version 2.0, they shot themselves in the foot by excluding all Azure AD webapp registrations & by "securing" web APIs by making them only available to apps with the same appid - as far as I'm concerned, it's unusable until they fix those two issues) - see the "[!NOTE]" near the top of that linked page for the v2.0 limitations.

Okta API and Agent questions

We're building a IaaS platform for the media industry. We're just looking to verify a few areas of Okta's capabilities and how to manage.
Okta is a web application for performing system administrative tasks against Active Directory repositories
Does Okta have such web application?
A demonstration of the web application
Is it possible to have a trial copy?
Authentication & Authorization via corporate AD
How do we set up the Okta AD Agent?
How do we use Okta API (to be integrated with our platform) to perform authentication against a corporate AD?
How do we use Okta API (to be integrated with our platform) to retrieve custom attribute information from corporate AD?
Thank you for your questions. Here are some resources to help answer your questions:
Our website has detailed documentation on how Okta works with Active Directory.
https://www.okta.com/resources/datasheet-ad-integration/
How to set up AD in Okta: https://support.okta.com/help/articles/Knowledge_Article/Okta-AD-Agent?_ga=1.41164711.449313748.1470873855
Furthermore, you can find further information on how to use the API on on our Developer helpsite: developer.okta.com