The AuthenticationProvider is an implementation of a public interface that is used as an adapter to a external authentication library. The goal is to simplify the set of options provided by the OAuth2 library by limiting the functionality to just capabilities available on the Graph.
- Allow selecting National Clouds
- Handle conditional access challenges
- Map external exceptions to MSGraph ServiceException and ClientException
| Country | Authorization Server |
|---|---|
| China | https://login.chinacloudapi.cn |
| Germany | https://login.microsoftonline.de |
| US Government | https://login.microsoftonline.us |
| Global service (default) | https://login.microsoftonline.com |
Shows a UI popup provided by the Auth Server
Passes username/password over the wire to the AuthServer
Grabs credentials from the OS
Outputs a code that needs to be manually entered in a web form at a designated URL.
App asks user for email We call OpenIdConnect discovery endpoint and identify Auth Server/TokenServer Pass that to the "ClientApplication"
- Multi-user
- Multi-cloud
- Stateless token cache
- I'm thinking that we don't actually need stateless support because if you attach before access and after Update events to a token cache then it can load what it needs on the fly. This would mean that a single token cache can satisfy the distributed cache requirement.
= Per Session Config
- Multi-user
- Multi-cloud
- Accept native request object and add an Authorization header with a valid bearer token.
- Reuse previously obtained tokens for same host
- Refresh expired tokens
- Obtain scopes from inbound request and compare with current scopes. If new scopes are present during a request then initiate request for consent, and use new token with request.