[Question] How to pass AAD auth parameters in MSIX Authentication #625
Comments
Hey, just bumping this thread. I tried adding "An error occurred while attempting to authenticate. The user account does not have access to the target resource. Contact your administrator for assistance." I believe the reason is because no tenant ID, scope and client ID is passed to AAD when retrieving a bearer token.
Bumping this thread again. I assume app installer is expecting users to perform server side authentication if client side authentication is not supported. It would be great if anyone can point to a sample or documentation of that auth flow.
There is no way to specify a client ID or scope. App Installer uses its own client ID and sets the scope depending on whether the resource is on SharePoint or Azure Storage. It may also be worth updating App Installer or testing installing the .msix directly (without using a .appinstaller file). There used to be a bug that caused cryptic errors when using auth for .appinstaller files.
Thanks for the reply. Unfortunately giving access to users to Azure Storage is not encouraged by Microsoft security policies. A web API that can authenticate via a managed service identity is encouraged. Hence why I require the app installer to authenticate with a custom web API. I have not considered using SharePoint and am not familiar with the experience there. Having said that, it would be nice if a user is able to customize the client ID and scope for app installer auth.
Hey,
I have published an appinstaller to a custom web application and now I want to add authentication. The documentation says that this can be done by adding
&msix=aad
to the end of the URI. However, it does not mention how to specify the client ID, tenant ID of the app registration and the required scopes when requesting a bearer token from Azure Active Directory. Is there a way to specify those parameters?