Authentication Response Received from Azure AD v1

Q

How to process the authentication response received from Azure AD v1.0 service after sending a sign-on authentication request?

✍: FYIcenter.com

A

After Azure AD v1.0 service receives a sign-on authentication request from the end user's Web browser, it will process the request and redirect the Web browser to the "redirect_uri" with the sign-on authentication response.

This invoke your server side script located at the "redirect_uri". In order for your script to process the sign-on authentication response, you need to have a good understanding of the authentication response.

Here is an example of Azure AD sign-on authentication response, returned with "response_mode=form_post" and "response_type=id_token" in your authentication request:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded

id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNB... 
&state=yyyyyy

The "id_token" value is actually a RFC 7519 - JWT (JSON Web Token) string.

If there is any issue with the authentication, you will receive an error response like this:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded

error=access_denied
&error_description=the+user+canceled+the+authentication

If a good response is received, your server side script should parse the end user login information and open your Web application to the end user.

If an error response is received, your server side script should display an error Web page to the end user.

⇒ Azure AD v1 Error: Invalid Reply URL

⇐ Process Azure AD v1 Authentication Request

⇑ Azure AD Integration v1.0

⇑⇑ OpenID Tutorials

2022-05-01, ∼1555🔥, 0💬

Decode Azure AD v1 id_token
How to decode the id_token value received from Azure AD v1.0 authentication response? According to the "RFC 7519 - JWT (JSON Web Token)" standard, the "id_token" value received from Azure AD authentication response should be decoded as below: Splitting the encoded string into 3 components: Header, B... 2021-05-16, ∼2621🔥, 0💬

Authentication Flows with Azure AD v1
What are Authentication Flows Supported by Azure AD v1.0 service? Azure AD v1.0 service supports 3 Authentication Flows: 1. Implicit Flow - The Implicit Flow is simple to implement. But it is less secure. Authentication is done in a single call to Azure AD service, which returns the "id_token" conta... 2022-05-05, ∼2191🔥, 0💬

Dump Azure AD v1 Authentication Response
How to build a PHP script to dump Azure AD v1.0 Authentication Response? If you are use the Azure-AD-Authentication-Reques t-Test.htmltest Web form, you need to write a server side script to dump the Azure AD Authentication Response. Here is an example of PHP script, openID_receiver.php, that dumps ... 2022-05-01, ∼1987🔥, 0💬

Azure AD v1 Error: Invalid Reply URL
Why Azure AD v1.0 display this error message: AADSTS50011: The reply url specified in the request does not match the reply URLsconfigured for the application? The root cause of this error is that you forgot the add the "redirect_uri" in your authentication request to Application ID settings on Azure... 2022-05-01, ∼1980🔥, 0💬

Build Implicit Flow with Azure AD v1
How to implement the OpenID Implicit Flow with Azure AD v1.0 service? If you want to implement the OpenID Implicit Flow in your Web application to use Azure AD service, you should follow these steps: 1. Building the Azure AD v1.0 Sign-on authentication request: Register your Web application to the A... 2021-05-16, ∼1966🔥, 0💬

Initiate Azure AD v1 Authentication Request
How to initiate Azure AD v1.0 Sign-On Authentication Request? The Azure AD Sign-On v1.0 Authentication Request must be initiated from the end user's Web browser, because the Azure AD service needs to communicate with the Web browser to make sure that the end user is signed on to an AD (Active Direct... 2022-05-05, ∼1756🔥, 0💬

Process Azure AD v1 Authentication Request
How to the Azure AD v1.0 Sign-On Authentication Request is process by Azure AD service? When Azure AD v1.0 service receives a Sign-On Authentication Request from an end user's Web browser, it will: Verify if the "client_id" value in the request is valid. If not, display an error message page to the ... 2022-05-01, ∼1692🔥, 0💬

Azure AD v1 Authentication Request Test Page
How to build an Azure AD v1.0 Authentication Request Test page? The Authentication Request is the first call to the Azure AD service. You can build a simple Web form page to test different behavior of the Authentication Request. Here is an example, Azure-AD-Authentication-Reques t-Test.html:<... 2022-05-01, ∼1688🔥, 0💬

Azure AD v1 Sign-On Authentication Request
What is the Azure AD v1.0 Sign-On Authentication Request? Before deciding which Azure AD v1.0 authentication flow you want to implement in your Web application, you need to have a good understanding of the Azure AD sign-on authentication request, which is the first call you have to make in any authe... 2022-05-05, ∼1645🔥, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.