
Authenticating a user in Azure AD through a web api?


I'm working on integrating Azure AD authentication with various apps on different platforms.

Is there a way to get an authentication token id from a user logging in through a web api like 'azureadlogin.com/login?user=ted&password=passwordhash'?

There seem to be ways of doing it through Node or JavaScript or C# apps, but I'd really like to just have a simple web request way of doing it, as there are many different apps on different platforms that need to make use of this feature.


Solution

  • No.

    There is a way to authenticate with username + password by doing a POST request and using Resource Owner Password Credentials flow, but I don't recommend it.

    ROPC will not work if:

    1. User's password has expired
    2. User is MS account/federated from on-prem AD
    3. User has multi-factor authentication enabled

    You have a wide selection of authentication flows which work in all these scenarios too, and don't involve the user giving their password to you.

    For example:

    1. Authorization code flow
    2. Implicit grant flow
    3. Device authentication flow