The AuthenticationProvider is an implementation of a public interface that acts as an adapter to an external authentication library. The goal is to simplify the set of options the OAuth2 library exposes by limiting its functionality to just the capabilities available on the Graph.
- Allow selecting National Clouds
- Handle conditional access challenges
- Map external exceptions to MSGraph ServiceException and ClientException
National Cloud Endpoints

| National cloud | Endpoint |
|---|---|
| Global service (default) | https://login.microsoftonline.com |
- Interactive Authentication Provider: shows a UI popup provided by the Auth Server.
- UsernamePassword Authentication Provider: passes the username/password over the wire to the Auth Server.
- IntegratedWindows Authentication Provider: grabs credentials from the OS.
- DeviceCode Authentication Provider: outputs a code that must be entered manually in a web form at a designated URL.
- App asks the user for an email address.
- We call the OpenID Connect discovery endpoint and identify the Auth Server / Token Server.
- Pass that to the “ClientApplication”.
- Stateless token cache
- I’m thinking that we don’t actually need stateless support, because if you attach before-access and after-update events to a token cache then it can load what it needs on the fly. This would mean that a single token cache can satisfy the distributed cache requirement.
Public Client Application = Per Session Config
OAuth2 Library Requirements
- Accept a native request object and add an Authorization header carrying a valid bearer token.
- Reuse previously obtained tokens for the same host.
- Refresh expired tokens.
- Obtain the scopes from the inbound request and compare them with the current scopes. If new scopes are present, initiate a consent request and use the newly issued token for the request.
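The requirements above, as an added Python sketch that is not the SDK's or MSAL's code: the OAuth2 library is a constructed stub that mints fake tokens, the authority host comes from the table above, and the 5-minute refresh skew and the "consent only for unconsented scopes" split are assumptions.

```python
import time
from dataclasses import dataclass
from urllib.parse import urlsplit

# Authority host from the table above; a national cloud is selected by passing its login host.
GLOBAL_AUTHORITY_HOST = "https://login.microsoftonline.com"
REFRESH_SKEW = 300  # assumed policy: treat tokens within 5 minutes of expiry as expired

@dataclass
class Token:
    value: str
    scopes: frozenset
    expires_at: float  # epoch seconds

class StubClientApplication:
    """Constructed stand-in for the OAuth2 library's client application (not MSAL)."""
    def __init__(self, authority_host=GLOBAL_AUTHORITY_HOST, tenant="common"):
        self.authority = f"{authority_host}/{tenant}"
        self.consent_prompts = 0  # times the user was sent to the consent UI
        self.issued = 0

    def acquire_token(self, scopes, needs_consent):
        # A real library would redirect to self.authority; here a fake token is minted.
        if needs_consent:
            self.consent_prompts += 1
        self.issued += 1
        return Token(f"tok{self.issued}", frozenset(scopes), time.time() + 3600)

class AuthenticationProvider:
    """Adapter implementing the OAuth2 Library Requirements listed above."""
    def __init__(self, app, now=time.time):
        self.app = app
        self.now = now  # injectable clock so expiry handling can be exercised
        self._cache = {}  # host -> Token; a token is never reused for another host

    def authenticate(self, request):
        host = urlsplit(request["url"]).netloc
        wanted = frozenset(request.get("scopes", ()))
        cached = self._cache.get(host)
        missing = wanted - cached.scopes if cached else wanted
        expired = cached is not None and cached.expires_at - REFRESH_SKEW <= self.now()
        if cached is None or missing or expired:
            # Unconsented scopes trigger a consent request; a bare expiry is a silent
            # refresh. The replacement token carries the union of old and new scopes.
            scopes = wanted | (cached.scopes if cached else frozenset())
            cached = self.app.acquire_token(scopes, needs_consent=bool(missing))
            self._cache[host] = cached
        request.setdefault("headers", {})["Authorization"] = f"Bearer {cached.value}"
        return request
```

Keying the cache on the request host is what keeps a Graph token from being attached to a request bound for another service.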