How to use nativeclient redirect URI when authenticating with Microsoft Azure?


Custom Scheme URIs are the most common option, as you say, and commonly used with AppAuth. You could only use the Microsoft callback URL if using older (deprecated) webview logins, that are blocked by some providers, such as Google.

SECURITY PURIST VIEWPOINT

Recent Financial Grade APIs Recommendations suggest Claimed HTTPS Schemes as the preferred mobile option for higher security apps.

In this case you need to own the HTTPS domain and link it to the digital signature of your mobile app via an online assets file. Of course you cannot do this for the Microsoft URL.

RESOURCES OF MINE

My blog has further info on Claimed HTTPS schemes with AppAuth, including code samples you can run from your local PC, in case this is an area you'd like to review further. It is difficult to implement though:

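An added example, not taken from the answer or its author's blog: on Android, the "online assets file" is a Digital Asset Links document served from `/.well-known/assetlinks.json` on the domain you own. The sketch below checks that such a document binds a given package name and signing-certificate SHA-256 fingerprint to the domain; the package name, fingerprint and sample document are constructed placeholders.

```python
import json

# Relation that lets an Android app claim https:// links for the hosting domain.
HANDLE_ALL_URLS = "delegate_permission/common.handle_all_urls"

def normalize_fingerprint(fp):
    """Return a SHA-256 fingerprint as 64 upper-case hex chars, or None if malformed."""
    hex_only = fp.replace(":", "").strip().upper()
    if len(hex_only) != 64 or any(c not in "0123456789ABCDEF" for c in hex_only):
        return None
    return hex_only

def app_claims_domain(assetlinks_text, package_name, signing_fingerprint):
    """True only if a statement grants handle_all_urls to package_name
    signed with signing_fingerprint. Any parse problem fails closed."""
    wanted = normalize_fingerprint(signing_fingerprint)
    if wanted is None:
        return False
    try:
        statements = json.loads(assetlinks_text)
    except json.JSONDecodeError:
        return False
    if not isinstance(statements, list):
        return False
    for stmt in statements:
        target = stmt.get("target") if isinstance(stmt, dict) else None
        if not isinstance(target, dict):
            continue
        relation = stmt.get("relation")
        if not isinstance(relation, list) or HANDLE_ALL_URLS not in relation:
            continue
        if target.get("namespace") != "android_app":
            continue
        if target.get("package_name") != package_name:
            continue
        prints = target.get("sha256_cert_fingerprints")
        if not isinstance(prints, list):
            continue
        listed = {normalize_fingerprint(p) for p in prints if isinstance(p, str)}
        if wanted in listed:
            return True
    return False

# Constructed sample: hypothetical package and fingerprint, not real values.
SAMPLE_FP = ":".join(["AB"] * 32)
SAMPLE_ASSETLINKS = json.dumps([{
    "relation": [HANDLE_ALL_URLS],
    "target": {"namespace": "android_app",
               "package_name": "com.example.mytestapp",
               "sha256_cert_fingerprints": [SAMPLE_FP]},
}])
```

Running this against the file your own domain serves, with the fingerprint of the release signing certificate, catches the common case where the document still lists a debug key.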
Author: Magnus

Updated on December 25, 2022

Comments

  • Magnus 11 months

    I'm playing around with Microsoft Azure and signing in from a Flutter app using OAuth2. I'm using the flutter_appauth plugin to sign in, and I have set up a custom URI scheme as described in that plugin's instructions. In my case, I'm using com.onmicrosoft.example.mytestapp://oauth/redirect.

    Things work as expected, I can sign in and get an ID token, but one thing is still a bit puzzling: In Microsoft's documentation, it says:

    For native & mobile apps, you should use the default value of https://login.microsoftonline.com/common/oauth2/nativeclient

    That URI is also one of the automatically created ones for my app in the Azure portal. Using it in my mobile app doesn't work - but using the custom scheme does. Is it better to use that URI instead of my custom scheme URI, and if so how would I get it to work with my Flutter app?