General - Azure AD v2 Sign-On Authentication Request

Azure AD v2 Sign-On Authentication Request

Q

What is the Azure AD v2.0 Sign-On Authentication Request?

✍: FYIcenter.com

A

Before deciding which Azure AD v2.0 authentication flow you want to implement in your Web application, you need to have a good understanding of the Azure AD v2.0 Sign-on authentication request, which is the first call you have to make in any authentication flow.

Here is an example of Azure AD v2.0 sign-on authentication request and its parameters:

GET https://login.microsoftonline.com/common/oauth2/v2.0/authorize? 
client_id=bd51d56c-e744-4a58-91e1-9afd0d7e821c                 
&redirect_uri=http%3A%2F%2Ffyicenter.com%3aopenID_receiver.php
&scope=openid                                              
&response_type=id_token                                    
&response_mode=form_post                                   
&nonce=xxxxxx                                              
&state=yyyyyy
&prompt=consent

Here are the parameters you need to provide:

client_id - The Application ID you received from the Azure portal as presented in the previous tutorial.
redirect_uri - The URL of a server side script where the authentication response from Azure AD will be processed. This URL must be defined as a reply URL in Azure AD application ID settings.
scope - Must use "openid" for OpenID Connect protocol
response_type - Can use "id_token", "code", "token", "id_token code" or "id_token token" depending which authentication flow you want to implement.
response_mode - Specify "form_post", if you want the authentication response from Azure AD to be delivered with the POST method.
nonce - A unique request ID, which will be included in the response from Azure AD. You can use the "nonce" to validate the response to prevent token replay attacks.
state - A state identification string, which will be included in the response from Azure AD. You can use the "state" to the user session on Website.
prompt - Indicates the type of user interaction that is required. The only valid values at this time are login, none, and consent

Note that if there is issue with authentication request, Azure AD will display an error page to your end user during the sign-on process.

You can also use the POST method make the Sign-On Authentication Request with all parameters provided in the request body.

⇒ Initiate Azure AD v2 Authentication Request

⇐ Azure AD v2 OpenID Metadata Document

⇑ Azure AD Integration v2.0

⇑⇑ OpenID Tutorials

2021-01-09, 466👍, 0💬