AspNetKatana: Microsoft account with MicrosoftAccountAuthenticationOptions does not seem to work
I understand Microsoft updated their APIs recently; I created a new app at https://apps.dev.microsoft.com
- Application Id: 388e0946-5fa0-4143-8e7a-97141200f6a6
- Password: obu****************************
- Platforms: Web
- Allow Implicit Flow: YES
- Redirect URIs: https://localhost:44300/signin-microsoft, https://ufotoday.com/signin-microsoft
- Microsoft Graph Permissions: User.Read
- Application Permissions: Profile

I did not use “generate new key pair” (not sure what it is for).
I know that before it was not possible to test on localhost; this is tested live on UFOToday.com, but I keep getting “access denied”.
response_type=code seems suspicious; I would think code may be replaced with something else (not sure), see https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-permissions
I noticed that the name of the scope changed from wl.emails, wl.birthday, so I’m just trying with what I saw in the example code, “openid email profile” (otherwise it’s breaking).
My code:
    // https://account.live.com/developers/applications
    // https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/microsoft-logins
    var microsoftAuthOptions = new MicrosoftAccountAuthenticationOptions();
    microsoftAuthOptions.ClientId = currentPortalProviders.MicrosoftLiveClientId;
    microsoftAuthOptions.ClientSecret = currentPortalProviders.MicrosoftLiveClientSecret;
    microsoftAuthOptions.CallbackPath = new PathString("/signin-microsoft");
    // See https://azure.microsoft.com/documentation/articles/active-directory-v2-scopes/
    microsoftAuthOptions.Scope.Add("openid");
    microsoftAuthOptions.Scope.Add("email");
    microsoftAuthOptions.Scope.Add("profile");
    microsoftAuthOptions.Provider = new MicrosoftAccountAuthenticationProvider()
    {
        OnAuthenticated = (context) =>
        {
            context.Identity.AddClaim(new Claim("urn:microsoft:access_token", context.AccessToken));
            var expiryDuration = context.ExpiresIn ?? new TimeSpan();
            context.Identity.AddClaim(new Claim("urn:microsoft:expires_in", DateTime.UtcNow.Add(expiryDuration).ToString(CultureInfo.InvariantCulture)));
            if (context.Email != null) context.Identity.AddClaim(new Claim("urn:microsoft:email", context.Email));
            if (context.Id != null) context.Identity.AddClaim(new Claim("urn:microsoft:id", context.Id));
            if (context.Name != null) context.Identity.AddClaim(new Claim("urn:microsoft:name", context.Name));
            if (context.FirstName != null) context.Identity.AddClaim(new Claim("urn:microsoft:first_name", context.FirstName));
            if (context.LastName != null) context.Identity.AddClaim(new Claim("urn:microsoft:last_name", context.LastName));
            // Add all other available claims
            foreach (var claim in context.User)
            {
                var claimType = string.Format("urn:microsoft:{0}", claim.Key);
                var claimValue = claim.Value.ToString();
                if (!context.Identity.HasClaim(claimType, claimValue))
                    context.Identity.AddClaim(new Claim(claimType, claimValue, "XmlSchemaString", "Microsoft"));
            }
            return Task.FromResult(0);
        }
    };
    app.UseMicrosoftAccountAuthentication(microsoftAuthOptions);
This is what I’m getting:
Request URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid email profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2Fsignin-microsoft&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA
Request Method: GET
Status Code: 200 OK
Remote Address: 23.100.32.136:443
Referrer Policy: no-referrer-when-downgrade

Request URL: https://login.live.com/oauth20_authorize.srf?client_id=388e0946-5fa0-4143-8e7a-97141200f6a6&scope=openid email profile&response_type=code&redirect_uri=https%3A%2F%2Fufotoday.com%2Fsignin-microsoft&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA&login_hint=yovavgad%40gmail.com&ui_locales=en-US&display=page&uaid=aedea0ead6e94294a42ad04754ced973&issuer=mso&tenant=common&msproxy=1
Request Method: GET
Status Code: 302 Found
Remote Address: 131.253.61.96:443
Referrer Policy: no-referrer-when-downgrade

Request URL: https://ufotoday.com/signin-microsoft?code=Mde1a1f82-19ea-afb6-faed-6492578ef127&state=-LhKxD2fwHXxpUcr5oJWrQdXxe-mOJoKhW0U4UJZE6C7y8ALp5XHyz5OgDp8EDeIoVg4jLis-bayiQ-kU0GctuaGMT3ltbNPI7oRFdB_KhExHeLsy3a3WSLOUIOKDmq8exIxuc5nzgOCyHuLxoMvdZVk7DpsQ7Pc2BGiJKJ_GpBMXtlALCtsn7BHfVrT9IjlBLe0I0z66XS_XUub4W4OYA
Request Method: GET
Status Code: 302
Remote Address: 52.183.33.89:443
Referrer Policy: no-referrer-when-downgrade

Request URL: https://ufotoday.com/signup-connect?error=access_denied
Request Method: GET
Status Code: 302
Remote Address: 52.183.33.89:443
Referrer Policy: no-referrer-when-downgrade
Does it work for anyone else?
About this issue
- State: closed
- Created 7 years ago
- Reactions: 2
- Comments: 30 (7 by maintainers)
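
In the trace in the issue, the provider redirects back to /signin-microsoft with a code and the state from the authorize request, and error=access_denied only appears on the application's own next redirect. As an added example (not code from the issue or from the Katana project), this Python check performs that reading of a trace mechanically; the URLs, the `app.example` host and the function name are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample trace (not the values from the issue): authorize request,
# then the provider's redirect back to the app's callback path.
AUTHORIZE = ("https://login.microsoftonline.com/common/oauth2/v2.0/authorize"
             "?client_id=00000000-0000-0000-0000-000000000000"
             "&scope=openid%20email%20profile&response_type=code"
             "&redirect_uri=https%3A%2F%2Fapp.example%2Fsignin-microsoft"
             "&state=CONSTRUCTED-STATE")
CALLBACK_OK = "https://app.example/signin-microsoft?code=CONSTRUCTED-CODE&state=CONSTRUCTED-STATE"
CALLBACK_DENIED = "https://app.example/signin-microsoft?error=access_denied&state=OTHER-STATE"
REGISTERED = {"https://app.example/signin-microsoft"}  # as entered in the app registration


def _query(url):
    """Decode a URL's query string into {name: first value}."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query, keep_blank_values=True).items()}


def check_front_channel(authorize_url, callback_url, registered_redirect_uris):
    """Return findings for the browser-visible half of an authorization code flow.

    An empty list means the provider accepted the request and returned a code, so
    any later failure happened in server-side steps the browser trace cannot show.
    """
    req, cb = _query(authorize_url), _query(callback_url)
    parts = urlsplit(callback_url)
    landed_on = f"{parts.scheme}://{parts.netloc}{parts.path}"
    redirect_uri = req.get("redirect_uri", "")
    findings = []
    if req.get("response_type") != "code":
        findings.append("response_type is not 'code'")
    if redirect_uri not in registered_redirect_uris:  # exact string comparison
        findings.append(f"redirect_uri not registered: {redirect_uri!r}")
    if landed_on != redirect_uri:
        findings.append(f"callback landed on {landed_on!r}, not on redirect_uri")
    if "error" in cb:
        findings.append(f"provider returned error={cb['error']}")
    elif not cb.get("code"):
        findings.append("callback carries neither code nor error")
    if not req.get("state") or cb.get("state") != req["state"]:
        findings.append("state missing or not echoed back unchanged")
    return findings


if __name__ == "__main__":
    print(check_front_channel(AUTHORIZE, CALLBACK_OK, REGISTERED))
    print(check_front_channel(AUTHORIZE, CALLBACK_DENIED, REGISTERED))
```
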
Facing same issue here 😞
There is no update currently scheduled for v3.1 to include this in.
Do you think it will be possible to ship this fix as an update for v3.1?
The next planned release is a 4.0 preview, I’ll get this fixed by then.