How to reproduce:

1. clone the repository

2. replace the client id with your own client id

3. run it and open the website in FireFox 75.0 (64-bit), Windows 10

4. Try to log in with a personal account.

Unhandled rejection s@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:29059
c@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:28565
r</c.createClientInfoDecodingError@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:27489
s@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:82499
r</l.prototype.saveTokenFromHash@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:60262
r</l.prototype.processCallBack@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:49026
r</l.prototype.handleAuthenticationResponse@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:50705
l@https://secure.aadcdn.microsoftonline-p.com/lib/1.1.2/js/msal.min.js:17:68696
@https://localhost:44302/App/Scripts/app.js:15:29
@https://localhost:44302/App/Scripts/app.js:123:2

If I ran it in Edge, I can sign in with my personal account.

Followed the instructions on the wiki, but get this error; Application ''" (My app Name) is not supported over the /common or /consumers endpoints. Please use the /organizations or tenant-specific endpoint.

Do you guys have a sample in .NET 4.6 or can give a pointer?

IIssuerSecurityTokenProvider is not longer available in Microsoft.Owin.Security.Jwt. There is now IIssuerSecurityKeyProvider and OpenIdConnectCachingSecurityTokenProvider is no longer compiling.

Therefore I cannot get OAuthBearerAuthenticationOptions working with an Azure AD v2 endpoint on my Web API.

The sample is still using 0.2.3, the code is incompatibility with msal.js 1.x.

I am attempting to achieve the same result, except that I am using Azure Functions instead of Web API. How can I implement Owin middleware inside an Azure function?

I'm getting an HTTP 404 - Not Found error after signing in. Am I supposed to set a specific Reply URL in Azure? I have it set to https://localhost:44302/ currently.

We are using Azure AD app and msal.js to connect to Yammer in SharePoint online. The connection and script works fine in Chrome but in IE it gives error and msal.js is not loaded. The SharePoint online site is based on classic team site template so IE mode is IE 10 and loading the page gives error SCRIPT5009: 'Map' is undefined msal.min.js (17,68667).

Hi, I was following the step-by-step but I can't figure out how to get the ida::tenant and ida::audience for the application. It's not described in the "Register the application" section. What am I missing?

I followed the directions but get 401 Unauthorized when I call
http://127.0.0.1:8080/api/TodoList

Hi, i don't find steps to register and configure my asp.net web api ( expose ).

Below code is like calling an async method in sync context which is a bad practice and causing deadlock with infinite loops.

        _synclock.EnterWriteLock();  --> synchronous lock

            OpenIdConnectConfiguration config = _configManager.GetConfigurationAsync().Result;  --> async method

Could you please update the above code as below to avoid a deadlock situation.

            OpenIdConnectConfiguration config =Task.Run( _configManager.GetConfigurationAsync).Result;

You will get following exception on trying to authenticate with (in my case) an organization account.

AADSTS50194: Application 'cab0646e-fd4e-4ea9-8eae-68e057d6bf2e'(Azure-Samples_active-directory-javascript-singlepageapp-dotnet-webapi-v2) is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.

If you have the same problem you can do the following:

Find the TenantId on the overview of your registered app:

Then do the following in code:

Hello,
trying to run the sample code against Azure AD B2C returns the error:

Unhandled rejection AADSTS700054: response_type 'id_token' is not enabled for the application.

The reasons seems to be that Azure AD B2C applications , while they do have a configuration setting to "Enable Implicit Flow" Yes/No (I configured "yes"), do not have a setting to enable the "ID Token" like Azure AD apps do.

Couple of questions:

• Is this an error of this sample code, or is this sample code not supporting Azure AD B2C?
• I noticed that the MSAL.js library linked here is older than the current available 1.1.1. I tried updating, but other issues show up in the code, so I believe this may be a breaking change. Would updating the sample to support a more recent MSAL.js library resolve the issue?

Thank you

In this repo, the only token validation is based on Audience:

            var tvps = new TokenValidationParameters
            {
                // In this app, the TodoListClient and TodoListService
                // are represented using the same Application Id - we use
                // the Application Id to represent the audience, or the
                // intended recipient of tokens.

                ValidAudience = ConfigurationManager.AppSettings["ida:Audience"],

                // In a real application, you might use issuer validation to
                // verify that the user's organization (if applicable) has
                // signed up for the app.  Here, we'll just turn it off.

                ValidateIssuer = false,
            };

Is this actually secure? For a production app should we also be validating IssuerSigningKey as well? Or is that not necessary because the key is signed with a public/private key pair?

Thank you

Hi,

I am getting this error:
AADSTS50194: Application is not configured as a multi-tenant application. Usage of the /common endpoint is not supported for such applications created after '10/15/2018'. Use a tenant-specific endpoint or configure the application to be multi-tenant.

I changed this to
AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider("https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration")),

to
AccessTokenFormat = new JwtFormat(tvps, new OpenIdConnectCachingSecurityTokenProvider("https://login.microsoftonline.com/MYTENANTID/v2.0/.well-known/openid-configuration")),

But still get an error, does this work with the latest app registration feature in AD?

I have been searching for hours and am unable to find clear guidance on how to use ADAL.js with ADFS (v4+ with openid connect) with a SPA. Please provide some kind of translation matrix for parameters and configuration values to allow use to use ADFS in the place of AAD.

You make it a point to claim ADFS compatibility but make it very hard for the rest of us to verify this statement.

System.Data.SqlClient.SqlException
HResult=0x80131904
Message=Directory lookup for the file "D:\Projects\Sample Apps\active-directory-javascript-singlepageapp-dotnet-webapi-v2-master\TodoSPA\App_Data\TodoListServiceContext.mdf" failed with the operating system error 2(The system cannot find the file specified.).
CREATE DATABASE failed. Some file names listed could not be created. Check related errors.
Source=.Net SqlClient Data Provider

The server side is based on .net framework 4.5. Many of these extension methods are not anymore avialable in .net core 2.0. Would be nice to have a sample web api running on .net core 2.0 backend. Is samples somewhere I can find (if not any plan to provide such) ?

Nice clean sample to understand and follow, BTW. Thanks!