Xamarin+prism Sledgehammer: Customizing cross-platform Outlook mailbox Apps (later)

In "Xamarin+prism Sledgehammer: Customizing cross-platform Outlook mailbox apps", Microsoft identity authentication was only touched on, and it drew a lot of attention, so this post follows up on those points. The previous chapter used the Microsoft Authentication Library (MSAL) for authentication; under the hood this is Azure AD v2.0 OAuth 2.0 authentication, which supports both kinds of user:

    • Individual users (@live.com, @outlook.com, @hotmail.com)
    • Enterprise (work or school) users (@xxx.onmicrosoft.com)

Previously, supporting both Microsoft personal accounts and Azure Active Directory accounts was hard: two separate sets of authentication logic had to be implemented. With Azure AD v2.0 both can be handled at once.

Azure AD and Azure AD v2.0 differ in the following respects:

Conditional access device policy
    Azure AD: supported
    Azure AD v2.0: not currently supported

Compatibility with OAuth 2.0 and OpenID Connect
    Azure AD: not compatible
    Azure AD v2.0: compatible

User permissions
    Azure AD: static; the permissions are specified when the application is registered
    Azure AD v2.0: dynamic; the application requests them at runtime, including incremental consent

Account types
    Azure AD: work or school
    Azure AD v2.0: work or school, personal

Application ID
    Azure AD: a separate application ID for each platform
    Azure AD v2.0: one application ID shared by multiple platforms

Registration place
    Azure AD: Microsoft Azure management portal
    Azure AD v2.0: Microsoft application registration portal

Authentication class library
    Azure AD: ADAL (Active Directory Authentication Library), for example:

        AuthenticationContext.AcquireTokenAsync(resource, clientId, new Uri(redirectUrl), platformParameters);

    Azure AD v2.0: MSAL (Microsoft Authentication Library, preview), for example:

        PublicClientApplication.AcquireTokenAsync(scopes);

Tip:

An app ID registered in the Microsoft application registration portal can also be used to sign in with ADAL, but only by administrators and users who have already been granted permission to the app. (If a user cannot sign in, use the MSAL library first to bring up the consent page so the user can grant authorization; after that the user can sign in with ADAL.)

Token

The JWT ID token obtained through the ADAL or MSAL library can be decoded, yielding the following data:
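As an added example (not code from the original post or from the ADAL/MSAL libraries), the following C# decodes the claims of an ID token so they can be inspected the way the text describes. It builds a constructed, unsigned sample token with placeholder issuer, audience and tenant values; it only decodes and does not verify the signature, so the claims must not be used for any trust decision until the token has been validated against the issuer's published signing keys with a proper JWT library.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using System.Text.Json;

// Added example, not code from the original post. Decodes the claims of a
// JWT ID token returned by ADAL/MSAL so they can be inspected.
// It only DECODES. It does not verify the signature, so nothing here may be
// used to make a trust decision until the token has been validated against
// the issuer's published signing keys (a job for a JWT library).
public static class IdTokenInspector
{
    // Base64url (RFC 7515 appendix C): restore padding and swap the URL-safe alphabet.
    public static byte[] Base64UrlDecode(string input)
    {
        string s = input.Replace('-', '+').Replace('_', '/');
        switch (s.Length % 4)
        {
            case 2: s += "=="; break;
            case 3: s += "="; break;
            case 1: throw new FormatException("Invalid base64url length");
        }
        return Convert.FromBase64String(s);
    }

    public static string Base64UrlEncode(byte[] bytes) =>
        Convert.ToBase64String(bytes).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    // Splits header.payload.signature and deserializes the payload JSON.
    public static Dictionary<string, JsonElement> DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Expected three dot-separated JWT segments");
        string json = Encoding.UTF8.GetString(Base64UrlDecode(parts[1]));
        return JsonSerializer.Deserialize<Dictionary<string, JsonElement>>(json)
               ?? throw new FormatException("Payload is not a JSON object");
    }

    // Time left before the 'exp' claim (seconds since the Unix epoch) passes;
    // negative when the token has already expired.
    public static TimeSpan RemainingLifetime(Dictionary<string, JsonElement> claims, DateTimeOffset now)
    {
        long exp = claims["exp"].GetInt64();
        return DateTimeOffset.FromUnixTimeSeconds(exp) - now;
    }

    public static void Main()
    {
        // Constructed sample token with placeholder values; a real ID token is
        // signed by the issuer (alg RS256) and carries a non-empty third segment.
        var issuedAt = DateTimeOffset.UtcNow;
        var payload = new Dictionary<string, object>
        {
            ["iss"] = "https://login.microsoftonline.com/<tenant-id-placeholder>/v2.0",
            ["aud"] = "<application-id-placeholder>",
            ["iat"] = issuedAt.ToUnixTimeSeconds(),
            ["exp"] = issuedAt.AddHours(1).ToUnixTimeSeconds(),   // enterprise ID token: 1 hour
            ["tid"] = "<tenant-id-placeholder>",
            ["preferred_username"] = "user@contoso.onmicrosoft.com", // constructed sample account
            ["ver"] = "2.0",
        };
        string header = Base64UrlEncode(Encoding.UTF8.GetBytes("{\"alg\":\"none\",\"typ\":\"JWT\"}"));
        string body = Base64UrlEncode(JsonSerializer.SerializeToUtf8Bytes(payload));
        string token = header + "." + body + ".";   // empty signature segment

        var claims = DecodePayload(token);
        foreach (var kv in claims)
            Console.WriteLine($"{kv.Key}: {kv.Value}");
        Console.WriteLine("Remaining lifetime: " + RemainingLifetime(claims, DateTimeOffset.UtcNow));
    }
}
```

Decoding the payload is enough to show a signed-in user's name or to decide when a refresh is due; checking iss, aud and the signature is what turns the token into something the app may rely on.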

Both libraries store the refresh token in the application's own storage area; the exact location on each platform is shown below:

UWP

    private static void DefaultTokenCache_BeforeAccess(TokenCacheNotificationArgs args)
    {
        try
        {
            var localSettings = ApplicationData.Current.LocalSettings;
            localSettings.CreateContainer(LocalSettingsContainerName, ApplicationDataCreateDisposition.Always);
            byte[] state = LocalSettingsHelper.GetCacheValue(localSettings.Containers[LocalSettingsContainerName].Values);
            if (state != null)
            {
                defaultShared.Deserialize(state);
            }
        }
        catch (Exception ex)
        {
            Logger.Information(null, "Failed to load cache: " + ex);
            // Ignore as the cache seems to be corrupt
        }
    }

Android

    try
    {
        var preferences = Application.Context.GetSharedPreferences(SharedPreferencesName, FileCreationMode.Private);
        string stateString = preferences.GetString(SharedPreferencesKey, null);
        if (stateString != null)
        {
            byte[] state = Convert.FromBase64String(stateString);
            args.TokenCache.Deserialize(state);
        }
    }
    catch (Exception ex)
    {
        PlatformPlugin.Logger.Warning(null, "Failed to load cache: " + ex);
        // Ignore as the cache seems to be corrupt
    }

iOS

    try
    {
        SecStatusCode res;
        var rec = new SecRecord(SecKind.GenericPassword)
        {
            Generic = NSData.FromString(LocalSettingsContainerName),
            Accessible = SecAccessible.Always,
            Service = "MSAL.PCL.iOS Service",
            Account = "MSAL.PCL.iOS cache",
            Label = "MSAL.PCL.iOS Label",
            Comment = "MSAL.PCL.iOS Cache",
            Description = "Storage for cache"
        };
        var match = SecKeyChain.QueryAsRecord(rec, out res);
        if (res == SecStatusCode.Success && match != null && match.ValueData != null)
        {
            byte[] dataBytes = match.ValueData.ToArray();
            if (dataBytes != null)
            {
                args.TokenCache.Deserialize(dataBytes);
            }
        }
    }
    catch (Exception ex)
    {
        PlatformPlugin.Logger.Warning(null, "Failed to load cache: " + ex);
        // Ignore as the cache seems to be corrupt
    }
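The three snippets above show only the load half of cache persistence. As an added example (not code from the original post, and assuming the current Microsoft.Identity.Client package rather than the preview the post used), the following C# wires both halves, loading before MSAL reads the cache and writing only when MSAL reports a change, and then uses the silent-then-interactive pattern so a cached refresh token renews the access token without showing the user a login page. The application ID, redirect URI and Graph scope names are placeholders or assumptions. One caveat on the iOS snippet above: SecAccessible.Always is the least restrictive keychain accessibility class; a class such as SecAccessible.AfterFirstUnlockThisDeviceOnly keeps the cached refresh token unreadable before the first unlock and stops it migrating to another device through a backup restore.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

// Added example, not code from the original post. Assumes the current
// Microsoft.Identity.Client (MSAL.NET) package, not the preview used above.
// Shows both halves of cache persistence (load before access, store after
// access) and the silent-then-interactive acquisition pattern that lets the
// cached refresh token renew the 1-hour access token.
public static class OutlookAuth
{
    // Placeholders: the application (client) ID from the Microsoft application
    // registration portal and the redirect URI registered for it.
    const string ClientId = "<application-id-placeholder>";
    const string RedirectUri = "<redirect-uri-placeholder>";

    // Scopes are requested at runtime (dynamic consent); ask only for what this
    // screen needs. Assumed Microsoft Graph permission names for mail access.
    static readonly string[] MailScopes = { "User.Read", "Mail.Read" };

    // Cache file in the app's private data directory. These bytes contain the
    // refresh token, so on a real device hand them to platform-protected storage
    // (keychain / KeyStore / DPAPI) instead of a plain file.
    static readonly string CachePath =
        Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), "msal_cache.bin");

    public static IPublicClientApplication BuildApp()
    {
        IPublicClientApplication app = PublicClientApplicationBuilder.Create(ClientId)
            .WithAuthority(AadAuthorityAudience.AzureAdAndPersonalMicrosoftAccount) // v2.0: work/school + personal
            .WithRedirectUri(RedirectUri)
            .Build();

        // Before MSAL reads the cache: load the persisted state, if any.
        app.UserTokenCache.SetBeforeAccess(args =>
        {
            byte[] state = File.Exists(CachePath) ? File.ReadAllBytes(CachePath) : null;
            args.TokenCache.DeserializeMsalV3(state);   // null leaves the in-memory cache empty
        });

        // After MSAL has touched the cache: persist only when something changed
        // (new tokens, a rotated refresh token, sign-out).
        app.UserTokenCache.SetAfterAccess(args =>
        {
            if (args.HasStateChanged)
                File.WriteAllBytes(CachePath, args.TokenCache.SerializeMsalV3());
        });
        return app;
    }

    // Silent first: MSAL returns a cached access token or redeems the refresh token.
    // Interactive only when the user must see the login/consent page
    // (no cached account, consent missing for a new scope, refresh token expired).
    public static async Task<AuthenticationResult> SignInAsync(IPublicClientApplication app, object parentWindow)
    {
        IAccount account = (await app.GetAccountsAsync()).FirstOrDefault();
        try
        {
            return await app.AcquireTokenSilent(MailScopes, account).ExecuteAsync();
        }
        catch (MsalUiRequiredException)
        {
            return await app.AcquireTokenInteractive(MailScopes)
                .WithParentActivityOrWindow(parentWindow)
                .ExecuteAsync();
        }
    }

    public static async Task Main()
    {
        var app = BuildApp();
        AuthenticationResult result = await SignInAsync(app, null);
        Console.WriteLine($"Signed in as {result.Account.Username}; access token expires {result.ExpiresOn:u}");
    }
}
```

The HasStateChanged guard is what keeps the file from being rewritten on every silent call, and the MsalUiRequiredException branch is the one place the consent page is shown, which matches the tip above about bringing up the authorization page only when a user cannot sign in.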

Token                               Validity    Description
ID token (enterprise user)          1 hour
ID token (individual user)          24 hours
Access token                        1 hour      A new one can be obtained with the refresh token.
Refresh token (enterprise users)    14 days     The 14-day validity period is reset after each use, up to a maximum of 90 days.
Refresh token (individual users)    1 year

Note:

I looked into this a little further, with one question in mind: can the tokens obtained through these libraries access all of an enterprise's Office 365 resources? It turned out that ADAL can indeed call the SharePoint REST API directly, but each enterprise's Azure AD has to register the authentication app itself, which produces a different app ID per tenant, so the app ID the program requests would have to be configured separately for each enterprise, turning the app into an enterprise-customized build. (If anyone understands this better, please advise; after all, there are plenty of ready-made apps on Azure AD, and I don't know how they are published.) The corresponding MSAL library has to use its own publicly exposed SharePoint API, which is still a beta with many parts incomplete. If you only want to build internal enterprise applications, the ADAL library is still enough.
