One of the interesting developments in the last few years in the field of authentication is the use of authentication brokers. Authentication brokers help make your applications more secure and resilient by enabling developers to:

- Remove the need to handle refresh tokens.
- Simplify the user authentication flow and remove any variability from it.
- Take advantage of more complex authentication features, like Windows Hello, conditional access, and FIDO keys.

If you are a Windows user, you might not have even known that you had an authentication broker pre-installed with your operating system – the Web Account Manager, or WAM for short. WAM has been in Windows since the early Windows 10 days and it handles all connected Microsoft accounts, both personal as well as those associated with work or school. Both for developers and customers, an authentication broker like WAM drastically simplifies how client applications can authenticate users with their Microsoft or organizational accounts, providing a smooth path from app to account and back.

Let’s take a look at a concrete scenario. A developer is building a Windows desktop application that needs to obtain user credentials, such as their personal Microsoft account, to give access to an underlying API. Said developer can use the Microsoft Authentication Library (MSAL) for .NET to try and obtain an access token with a snippet like this:

    IPublicClientApplication app =
        PublicClientApplicationBuilder.Create("CLIENT_ID_YOU_HAVE")
    var authResult = await app.AcquireTokenInteractive(new List<string>() )

First, we are providing some custom broker options with the help of BrokerOptions – the developer can specify whether they want to set a custom title or even whether we want to show existing accounts connected to Windows. Then, we are using almost exactly the same code as we did for the browser-based authentication, with an updated call – .WithParentActivityOrWindow(handle) that obtains the parent window handle.

An important note to add here is that because we’re working within the Windows environment, we are also constrained by some of its requirements. One of these requirements is the need to provide a window handle for the broker to “bind” to, hence the call to. Without it, the broker window would pop up on any connected monitor, in front or behind existing windows – there is too much variability to guess, so we decided to make it a requirement to provide one before calling the API. In the example above, GetConsoleOrTerminalWindow is a function that we’ve documented in the MSAL.NET WAM guide, which obtains the handle to the console window, and then ensures that the broker is using it.

With the code change, the authentication experience now looks like this:

Much smoother! Not only is the customer not forced to switch context into the browser, but notice there is also context attached to the prompt – the user instantly knows what application is requesting credentials with the help of the customizable title. Even if the hypothetical cat bursts into the user’s office and they run off to close the door, they can come back and instantly see who requested the credentials.

Because MSAL is a library that is available across platforms and languages, the WAM functionality can also be accessed through other library versions, such as MSAL for Python. The code to talk to the broker would look like this:

    from msal import PublicClientApplication
    result = app.acquire_token_interactive(, parent_window_handle=app.CONSOLE_WINDOW_HANDLE)