Developer Preview of OAuth Code Grant and AAL for Windows Store Apps


Howdy folks,

I am happy to let you know that the next phase in our developer preview program has started and today we're making two new features available for you to try out and give us feedback on:

  • Support for OAuth2 for delegated directory access
  • An updated Windows Azure Authentication Library (AAL) designed to work with Windows Store applications.

Together, those new features will help you deliver a modern application authorization experience that takes advantage of Windows Azure AD from your native client applications running on Windows RT and Windows 8 devices. 

Below you can find more details on the new features.

New Authentication Options: OAuth2 Code Grant

In our ongoing efforts to build the world’s most open Identity Management service, we’re thrilled to introduce the developer preview of our new OAuth2 grant type authorization flow. This builds on top of our already strong support for SAML, WS-Federation and the client credentials grant type in OAuth2 for server to server flows.

The authorization code grant enables you to drive user authentication flows from native applications; moreover, it offers important features (such as refresh tokens) which can help you to maintain long running sessions while minimizing the need to prompt users for their credentials.

Our OAuth2 preview also gives Administrators fine-grained control over which applications can have which sets of access privileges to the directory Graph API.

As part of this work, our Graph API has been extended to include new entities which facilitate managing delegation relationships between clients and services, and the Graph Explorer, the test tool we made available during the first developer preview to explore the Graph API, has been updated to enable you to experiment with the new features.

Fig 1: Updated Graph Explorer

 

Windows Azure Authentication Library (AAL) for Windows Store

Today we are also releasing a developer preview of the Windows Azure Authentication Library (AAL) for Windows Store applications.

Like its .NET counterpart (announced here) AAL for Windows Store makes it easy for you to add authentication capabilities to your modern client apps, delegating the heavy lifting to Windows Azure AD by taking advantage of the new OAuth2 code grant support.

AAL for Windows Store takes full advantage of the Windows Runtime environment features. For example:

  • It is packaged as a Windows Runtime Component, which allows you to use the library in both C# and HTML5/JavaScript application types
  • It wraps the WebAuthenticationBroker, a Windows 8 feature designed to facilitate web based authentication flows and single sign on across trusted apps
  • It offers transparent session management: AAL leverages the Credential Vault feature in Windows 8 to take care of persistent token caching, automatic token refreshing and even roaming across trusted machines!

Naturally, the advantages of the AAL .NET approach are available for AAL for Windows Store as well; for example, it makes it easy for you to add support for multiple authentication factors in your Windows Store apps.

Fig 2: AAL for Windows Store wrapping the Windows Auth Broker

 

For more details on AAL for Windows Store, please refer to this deep dive post.

 

To help you quickly get up to speed on these new capabilities, we have built a complete step by step walkthrough that will guide you through the development and testing of a Windows Store app and a REST service. You’ll be using AAL for Windows Store to add authentication capabilities to a Windows Store app, the JWT token handler for securing an ASP.NET Web API service, and the Graph Explorer to register the app and service, as well as grant permissions for the app to call the service. You can access it here.

If you want to take a look at the code right away, the end result of the walkthrough is also available as a downloadable sample here.

This is our first preview touching on the devices + services scenarios. You can expect much more in the coming months, including support for multiple platforms and more protocols.

During our first developer preview your feedback has been invaluable in shaping Windows Azure AD to be the identity service you want. We hope you’ll choose to partner with us again, by providing us with the feedback we need to ensure we’ll exceed your expectations.

 

Best Regards,

Alex Simons (@Alex_A_Simons)

Director of PM

Active Directory

  • Is it possible to secure a WCF service using Azure Active Directory?

  • Hi Mahmoud,

    You can secure WCF services as long as you use transport security (as opposed to message based security). You can use AAL to obtain a token from Windows Azure AD, and inject that token in a call to a WCF service with a suitable binding. For an example see www.cloudidentity.com/.../using-aal-to-secure-calls-to-a-classic-wcf-service-2