Authentication Response Received from Azure AD v2

Q

How to process the authentication response received from Azure AD v2.0 service after sending a sign-on authentication request?

✍: FYIcenter.com

A

After Azure AD v2.0 service receives a sign-on authentication request from the end user's Web browser, it will process the request and redirect the Web browser to the "redirect_uri" with the sign-on authentication response.

This invoke your server side script located at the "redirect_uri". In order for your script to process the sign-on authentication response, you need to have a good understanding of the authentication response.

Here is an example of Azure AD v2.0 Sign-on authentication response, returned with "response_mode=form_post" and "response_type=id_token" in your authentication request:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded

id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Ik1uQ19WWmNB... 
&state=yyyyyy

The "id_token" value is actually a RFC 7519 - JWT (JSON Web Token) string.

If there is any issue with the authentication, you will receive an error response like this:

POST / HTTP/1.1
Content-Type: application/x-www-form-urlencoded

error=access_denied
&error_description=the+user+canceled+the+authentication

If a good response is received, your server side script should parse the end user login information and open your Web application to the end user.

If an error response is received, your server side script should display an error Web page to the end user.

 

Azure AD v2 Error: Invalid Reply URL

Process Azure AD v2 Authentication Request

Azure AD Integration v2.0

⇑⇑ OpenID Tutorials

2019-05-03, 228👍, 0💬