By default, when you sign out of Azure Active Directory when using a Open ID Connect/OAuth2 application, you will be prompted to select a user account to sign out of, even if there is only one user account to select. To work around this behavior, there are 3 requirements: Step (1): Add the optional claim for the login_hint Add the login_hint optional claim to the id token in the App…
Read MoreUsing OpenID Connect OWIN middleware to validate an Azure AD JWT token signed with a symmetric key
Azure AD by default uses a certificate to sign an OAuth2 JWT token using an asymmetric algorithm (RS256). Alternatively a JWT token can be signed with a “shared” secret using a symmetric algorithm (HS256). Asymmetric signing algorithm is always more secure in preventing the token to be tampered with compared to a symmetric algorithm since the private key is always kept at the Identity Provider (IDP) and the token consumer…
Read MoreTroubleshooting Asp.Net OWIN and Asp.Net Core Authentication sign-in failures with Azure Active Directory
Let get started! This article assumes you are using your own code to perform the authentication to Azure Active Directory. IMPORTANT: So if your using Azure App Services or Azure Function Apps Authentication/Authorization feature, this article is not for you. You are developing a Asp.Net OWIN or Asp.Net Core Authentication web application and integrating it with Azure Active Directory. You run into some issues during the sign-in process with no…
Read MoreRetrieving user information from Azure AD’s UserInfo Endpoints
In OpenId Connect (OIDC) we have the UserInfo endpoint, that’s specifically for the OIDC protocol and we cannot use with OAuth2 protocol. To use this endpoint in Azure AD we need a token, and without specifying the “Resource” parameter. How to obtain a token (V1) For the sake of this example we’ll use the auth code grant flow to request tokens, using Microsoft Identity Platform V1 endpoint. In a browser…
Read More