Introduction In an asymmetric algorithm, a JWT token is signed with an Identity Provider’s private key. To verify the signature of the token, one will need to have a matching public key. This post will cover how to use the JWT tool at https://jwt.io/ to verify the signature of a signed Azure AD token (either access or id token). Note: You should only validate the token intended for your own…
Troubleshooting network related issue when using ADAL authentication library
Problem: The problem described in this post is often seen in enterprise environments where the customer uses the ADAL.Net library to run code like the following from their corpnet machine to authenticate to Azure Active Directory with a Federated account. The network topology in a corporate environment is often complex, with multiple security measures put in place (proxy, firewall, router, etc…) to protect the LAN environment from the internet. Unfortunately, these…
Microsoft Graph Explorer – How come I only see one user in my directory?
Problem: Customer uses the Microsoft Graph Explorer tool and clicks the “Sign in with Microsoft” button to log in. After logging in, he tries the following query to get all the users in his directory. There is only one user returned. Expected result is that there should be a lot more than one user in this directory being returned by MS Graph. Resolution: This is because the customer logs in…
Walkthrough: how to retrieve an Azure Key Vault secret from an Azure Function App using client credentials flow with certificate
Introduction: This post builds on the information from the previous post and I will assume that you already have an Azure Key Vault, an AAD Application registration, and a certificate file. We will cover the following steps in this blog in order to use a certificate from an Azure Function App: Create an Azure Function App Upload the certificate to the Function App Configure the Function App to load certificate…
Walkthrough: how to retrieve an Azure Key Vault secret from a console app using client credentials flow with certificate
Introduction This is a code walkthrough to show you how to create a .Net console application to authenticate to Azure Active Directory using OAuth2 Client Credentials flow to get an access token to Azure Key Vault. It then uses the access token to call Azure Key Vault to get a secret. The following steps will be performed in this post: Create an Azure Key Vault Create a new self-signed certificate…
Capturing Python web traffic with Fiddler
Update 4/15/2019 – added GraphRbacManagementClient section Introduction: Capturing encrypted HTTPS web traffic in Python with Fiddler can be tricky, mainly because Python uses its own trusted certificate store instead of the OS’s certificate store, and in certain scenarios Python does not use a proxy by default. This post will cover how to capture SSL traffic using Fiddler for a few different scenarios: ADAL for Python: The problem with this case is…
How to add an owner to an Azure AD Application
Introduction: This post will go over three different ways to add an owner to an Azure AD Application using Azure Powershell, Azure AD Graph, and the Microsoft Graph endpoint. The Microsoft Graph documentation on this may not clearly point out that an Application owner can be either a User object or a Service Principal object. Various techniques to add an Application Owner: Azure AD Powershell: Use the Azure AD Powershell command…
Receiving Error AADSTS50058 in JavaScript Setting
Introduction This post is to review why a user may receive the error AADSTS50058 in a Javascript setting. The full error that is shown is: AADSTS50058: A silent sign-in request was sent but no user is signed in. The cookies used to represent the user’s session were not sent in the request to Azure AD. This can happen if the user is using Internet Explorer or Edge, and the…
How to Use the .Net Microsoft Graph SDK to Get Users and Get Next Page of Results
Introduction This post will explain how to use the .Net Microsoft Graph SDK in order to get users. This article assumes that you have already obtained an Access Token using ADAL .NET. In order to learn more on how to get the ADAL .NET token, please reference: How to Use the ADAL .NET library to Acquire a Token Interactively in a Console Application (Authorization Code Flow) Link Warning…
How to Use the ADAL .NET library to Call the Microsoft Graph API in a Console Application (Using Authorization Code Flow)
Introduction This post is to show how to use the ADAL .NET library to acquire a token interactively in a console application. It will go through setting up an Azure Active Directory Application, setting up the .net console application, acquiring an access token, and then making an HTTP request using the token acquired from the ADAL .net library to get 5 users using the Microsoft Graph API. Setting up your…