G. Dulin G. Dulin - 10 days ago 7
Android Question

How Android use ADAL library with clientCredential to aquireToken then call API hosted on Azure

I have to develop an android app which calls API operation hosted on Azure.
The access to the API is managed by the AD.
API is registered in Azure AD as Web app/API.

What I want to achieve is the client app acquire an token from AD by providing client credential, then use this token to access to the API operation.

By using .net ADAL library, we can achieve this like below:

using Microsoft.IdentityModel.Clients.ActiveDirectory;
using System.Net.Http;
...

var cc = new ClientCredential(clientId, clientSecret);
var ac= new AuthenticationContext(authority,false);
var token = ac.AcquireToken(resource,cc);

var client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new Headers.AuthenticationHeaderValue("Bearer",token.AccessToken);

var response = client.GetAsync(url).Result;
var responseContent= response.Content.ReadAsStringAsync().Result;


In ADAL library for android, there is no client credential class, so in order to acquire token from AuthenticationContext class, I have changed the API app type from Web App/API to Native in Azure AD.

Then the following implementation prompts a windows login page but I want to use the client credential stored in config instead of manual login popup:

AuthenticationContex authenticationContext = new AuthenticationContext(MainActivity.this,
AUTHORITY, true);

authenticationContext.acquireToken(MainActivity.this,
RESOURCE,
CLIENT_ID,
REDIRECT_URI,
PromptBehavior.Always,
new AuthenticationCallback<AuthenticationResult>() {
@Override
public void onSuccess(AuthenticationResult result) {
String idToken = result.getIdToken();
String accessToken = result.getAccessToken();

Log.d(LOG_TAG, "ID Token: " + idToken);
Log.d(LOG_TAG, "Access Token: " + accessToken);
}

@Override
public void onError(Exception exc) {
// TODO: Handle error
}
});


Any idea how to achieve that and the reason why ADAL library is different for .Net and Android?

Thanks

Answer

Android is a public client and NO one should be executing confidential client flows in a native app. Client credentials are meant for confidential client flows and hence not exposed in android. .net can be used on both server and client, but that does not mean that you use confidential client flows in a native app.

Comments