You can add single sign-in to your application with just a few lines of code, and a new wizard in the Azure Active Directory documentation makes that easier than ever. The new Azure AD v2.0 endpoint simplifies the code you need to let users log in with their Microsoft accounts as well as their work and school accounts.
Apps can now accept sign-in from both Microsoft accounts and Azure AD accounts, using a single auth endpoint.
The new Azure Active Directory (Azure AD) v2.0 endpoint supports authentication for a variety of modern app architectures, all of them based on industry-standard protocols OAuth 2.0 or OpenID Connect.
Apps that use the v2.0 endpoint can also consume REST APIs from the Microsoft Graph using either type of account, which means that your app can find out about your users through a single endpoint. Use Microsoft Graph to build apps for organizations and consumers that connect to a wealth of resources, relationships, and intelligence, all through a single endpoint.
OAuth 2.0 or OpenID Connect
OAuth 2.0 defines mechanisms to obtain and use access tokens to access protected resources, but it does not define a standard method for providing identity information.
OpenID Connect implements authentication as an extension to the OAuth 2.0 authorization process.
You'll use OpenID Connect for most of your applications, and it's baked right into the libraries.
Azure Active Directory (Azure AD) simplifies authentication by providing identity as a service, with support for industry-standard protocols such as OAuth 2.0 and OpenID Connect.
These are the application scenarios supported by the Azure AD v2.0 endpoint. Your app will probably fall into one of these categories:
- Web apps. For apps that are accessed through a browser (.NET, PHP, Java, Ruby, Python, Node.js), you can use OpenID Connect for user sign-in.
- Web API apps. You can use the v2.0 endpoint to secure web services, such as Web API.
- Mobile and native apps.
- Daemons and server-side apps. These are long-running processes that operate without user interaction; they authenticate and get tokens by using the app's own identity (the client credentials flow).
So when should you stick to the v1 endpoint? Here’s Microsoft’s simplified recommendation for developers at this point in time:
- If you must support personal Microsoft accounts in your application, use the v2.0 endpoint. But before you do, be sure that you understand the limitations that we discuss in this article.
- If your application only needs to support Microsoft work and school accounts, don’t use the v2.0 endpoint. Instead, refer to our Azure AD developer guide.
In the case of an application I'm currently writing, I want to get the user to sign in in a variety of ways. I want to take that token and call another service (on my same site) that will call another service to act on my behalf. For that final service to do work, it needs to authenticate my credentials so it can act on behalf of me. I can pass from my app's initial sign-in all the way through.
So let's get started. It takes just a few steps and a few lines of code:
- Register the new app with Azure AD. There is a new app registration wizard. To register an app that works with the v2.0 endpoint, you must use the new app registration portal, apps.dev.microsoft.com. You use the same Application ID across your platforms, so your iOS app uses the same Application ID as your web app.
- Set up the app to use the authentication pipeline. You can use the code from the wizard or one of the sample apps.
- Issue sign-in and sign-out requests to Azure AD.
- Display user information.
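Here is an added example (my own code, not code from this post or from Microsoft's wizard or samples) that shows the shape of the sign-in and sign-out requests from the steps above, the claim checks a web app should make on the id_token that comes back, and the on-behalf-of token request described earlier for the service-to-service hop. It runs offline against a constructed sample token: the Application ID, tenant id and subject are placeholders, the assumption that a v2.0 id_token's `iss` has the form `https://login.microsoftonline.com/{tenant-id}/v2.0` is mine, and `decode_jwt` does not verify the RS256 signature, which a real app must do against the keys published at the v2.0 discovery document's `jwks_uri` before trusting any claim.

```python
import base64
import json
import secrets
import time
import urllib.parse

# "common" accepts both Microsoft accounts and work/school accounts at the v2.0 endpoint.
AUTHORITY = "https://login.microsoftonline.com/common"
AUTHORIZE_ENDPOINT = AUTHORITY + "/oauth2/v2.0/authorize"
TOKEN_ENDPOINT = AUTHORITY + "/oauth2/v2.0/token"
LOGOUT_ENDPOINT = AUTHORITY + "/oauth2/v2.0/logout"
# Assumption: a v2.0 id_token's iss is https://login.microsoftonline.com/{tenant-id}/v2.0
ISSUER_PREFIX = "https://login.microsoftonline.com/"
ISSUER_SUFFIX = "/v2.0"


def new_state_and_nonce():
    """state binds the response to this browser session (CSRF); nonce binds the id_token
    to this sign-in request (replay). Store both server-side before redirecting."""
    return secrets.token_urlsafe(32), secrets.token_urlsafe(32)


def build_signin_url(client_id, redirect_uri, state, nonce):
    """The OpenID Connect sign-in request (response_type=id_token)."""
    params = {
        "client_id": client_id,        # Application ID from apps.dev.microsoft.com
        "response_type": "id_token",
        "redirect_uri": redirect_uri,  # must be a reply URL registered for the app
        "response_mode": "form_post",
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    return AUTHORIZE_ENDPOINT + "?" + urllib.parse.urlencode(params)


def build_signout_url(post_logout_redirect_uri):
    """The sign-out request; the redirect target must also be registered for the app."""
    return LOGOUT_ENDPOINT + "?" + urllib.parse.urlencode(
        {"post_logout_redirect_uri": post_logout_redirect_uri})


def build_obo_request(client_id, client_secret, incoming_token, scope):
    """Form body POSTed to TOKEN_ENDPOINT for the on-behalf-of exchange: the middle-tier
    service trades the token it received for one that calls the downstream service as the user."""
    return {
        "grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "client_id": client_id,
        "client_secret": client_secret,
        "assertion": incoming_token,
        "scope": scope,
        "requested_token_use": "on_behalf_of",
    }


def _b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def _unb64url(segment):
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def decode_jwt(token):
    """Split a JWT into (header, claims). Does NOT verify the signature: check RS256 against
    the keys at the discovery document's jwks_uri before trusting the claims."""
    header_b64, payload_b64, _signature = token.split(".")
    return _unb64url(header_b64), _unb64url(payload_b64)


def validate_id_token_claims(claims, client_id, expected_nonce, now=None, skew=300):
    """Claim checks a relying party makes on a signature-verified v2.0 id_token.
    Returns (True, "") or (False, reason)."""
    now = time.time() if now is None else now
    iss = claims.get("iss", "")
    if not (iss.startswith(ISSUER_PREFIX) and iss.endswith(ISSUER_SUFFIX)):
        return False, "issuer is not the v2.0 endpoint"
    if claims.get("aud") != client_id:
        return False, "token was issued for a different application"
    if claims.get("nonce") != expected_nonce:
        return False, "nonce does not match this sign-in request (possible replay)"
    if now >= claims.get("exp", 0) + skew:
        return False, "token expired"
    if now < claims.get("nbf", 0) - skew:
        return False, "token not yet valid"
    if "sub" not in claims or "tid" not in claims:
        return False, "missing subject or tenant claim"
    return True, ""


def make_sample_id_token(claims):
    """Constructed token for offline testing; the signature segment is a dummy."""
    return _b64url({"typ": "JWT", "alg": "RS256", "kid": "sample-kid"}) + "." + _b64url(claims) + ".dummy"


CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder Application ID
SAMPLE_NOW = 1_700_000_000
SAMPLE_CLAIMS = {  # constructed sample; tenant id and subject are placeholders
    "iss": "https://login.microsoftonline.com/11111111-1111-1111-1111-111111111111/v2.0",
    "aud": CLIENT_ID, "sub": "sample-subject", "tid": "11111111-1111-1111-1111-111111111111",
    "nonce": "expected-nonce", "nbf": SAMPLE_NOW - 60, "exp": SAMPLE_NOW + 3600,
    "name": "Sample User", "preferred_username": "user@example.com",
}

if __name__ == "__main__":
    state, nonce = new_state_and_nonce()
    print(build_signin_url(CLIENT_ID, "https://localhost:5000/signin-oidc", state, nonce))
    _, claims = decode_jwt(make_sample_id_token(SAMPLE_CLAIMS))
    print(validate_id_token_claims(claims, CLIENT_ID, "expected-nonce", now=SAMPLE_NOW))
```

The `nonce` and `aud` checks are the ones that matter most for a single endpoint serving both account types: without them, an id_token minted for a different app, or one captured from an earlier sign-in, would be accepted as a fresh login. The `tid` claim tells you which tenant the user came from, which is how one code path can tell a personal Microsoft account apart from a work or school account when displaying user information.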
Note: There could still be changes to the APIs, so you may have to update your app.
Azure Documentation: Sign-in Microsoft Account & Azure AD users in a single app
- Build Mobile and Native Application with OAuth 2.0
- Build Web Apps with Open ID Connect
- Build Single Page Apps with the OAuth 2.0 Implicit Flow
- Build Daemons or Server Side Processes with the OAuth 2.0 Client Credentials Flow
- Get tokens in a Web API with the OAuth 2.0 On Behalf Of Flow
Online video: Enterprise Grade Sign in for Your Apps
Code samples for more complex scenarios: Azure Samples (search on “endpoint”)