I am creating an app on iOS that will run in a "kiosk" mode. Part of the application requires users to be able to search an organisation's directory. I would like to support Azure AD via the Azure Graph API to provide this function.
I don't want to require an interactive login when the app starts and I don't want to have to use an additional web service; I would like for the iOS app to simply access the Azure Graph API via REST.
I am aware of the risks associated with cached credentials; however, the use of "service accounts" for non-interactive logins is fairly well established, the access is read-only and the credentials can be secured in the iOS keychain.
I have looked through numerous Azure samples and read the documentation and it seems that the method that provides what I need
This can be done, but not with the ADALiOS framework as it doesn't expose the `client_credentials` grant that is required to make it work.
The steps to build a working solution are:
The meat of the authentication process is to set up an instance of
```swift
let settings = [
    "client_id": appData.clientId!,
    "client_secret": appData.secret!,
    "authorize_uri": appData.authString!,
    "token_uri": appData.tokenString!,
    "keychain": true,          // keep tokens in the system keychain
    "secret_in_body": true     // send the client secret in the request body
] as OAuth2JSON

self.oauth2 = OAuth2ClientCredentials(settings: settings)
```
Then you can call `doAuthorize()` to get a token.
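The token exchange that a `client_credentials` grant with `secret_in_body` performs, written out with `URLSession` as an added example (not code from the original answer or from the OAuth2 library it uses). The Azure AD v1 token endpoint, the `https://graph.windows.net` resource and the names `formEncode`, `makeTokenRequest`, `fetchToken`, `TokenResponse` and `TokenError` are assumptions; tenant, client id and secret are supplied by the caller.

```swift
import Foundation

// Added example. Only the fields used here are decoded from the token response.
struct TokenResponse: Decodable {
    let access_token: String
    let token_type: String
}

// Carries the HTTP status and the server's error body (never the secret).
struct TokenError: Error { let status: Int; let body: String }

// Strict form encoding: a secret containing "+", "&" or "=" would otherwise
// be split or altered by the server's form parser.
func formEncode(_ params: [(String, String)]) -> Data {
    var allowed = CharacterSet.alphanumerics
    allowed.insert(charactersIn: "-._~")
    func enc(_ s: String) -> String {
        return s.addingPercentEncoding(withAllowedCharacters: allowed) ?? s
    }
    let pairs = params.map { "\(enc($0.0))=\(enc($0.1))" }
    return Data(pairs.joined(separator: "&").utf8)
}

func makeTokenRequest(tenant: String, clientId: String, clientSecret: String) -> URLRequest {
    // Assumed endpoint: Azure AD v1 token endpoint for the given tenant.
    let url = URL(string: "https://login.microsoftonline.com/\(tenant)/oauth2/token")!
    var request = URLRequest(url: url)
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = formEncode([
        ("grant_type", "client_credentials"),
        ("client_id", clientId),
        ("client_secret", clientSecret),              // in the body, not a Basic auth header
        ("resource", "https://graph.windows.net")     // assumed resource identifier
    ])
    return request
}

func fetchToken(_ request: URLRequest,
                completion: @escaping (Result<TokenResponse, Error>) -> Void) {
    URLSession.shared.dataTask(with: request) { data, response, error in
        if let error = error { completion(.failure(error)); return }
        let status = (response as? HTTPURLResponse)?.statusCode ?? 0
        let body = data ?? Data()
        guard status == 200 else {
            let text = String(decoding: body, as: UTF8.self)
            completion(.failure(TokenError(status: status, body: text))); return
        }
        completion(Result(catching: { try JSONDecoder().decode(TokenResponse.self, from: body) }))
    }.resume()
}
```

The returned `access_token` is then sent as `Authorization: Bearer <token>` on each directory query; log `TokenError` rather than the request so the secret never reaches device logs.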