Tags: azure, authentication, oauth-2.0, restful-authentication

Azure AD Authentication through restful api


I'm now working with Azure AD authentication through these two samples, and it all worked fine:

But is there any way to authenticate against Azure AD with a RESTful API call like the one below?

POST https://loginmicrosoft/XXXXXX
Body 
{
    "username":"YOURACCOUNT",
    "password":"YOURPASSWORD"
}

The reason I want to use this approach is that we have our own login page and want to integrate it with Azure AD.


Solution

  • Yes, you can. It's called the resource owner password credentials grant in OAuth 2.0. However, it's no longer a valid flow as of OAuth 2.1, and Microsoft recommends you don't use it. See their documentation here: https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc

    OAuth 2.1 consolidates the changes published in later specs to simplify the core document.

    The major differences from OAuth 2.0 are listed below.

    • PKCE is required for all OAuth clients using the authorization code flow
    • Redirect URIs must be compared using exact string matching
    • The Implicit grant (response_type=token) is omitted from this specification
    • The Resource Owner Password Credentials grant is omitted from this specification
    • Bearer token usage omits the use of bearer tokens in the query string of URIs
    • Refresh tokens for public clients must either be sender-constrained or one-time use

    If you have your own login page, why not do a redirect or host your login page on Azure AD?
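To make the recommended alternative concrete, here is an added example (not code from the question, the answer, or Microsoft's samples) of the client side of the authorization code flow with PKCE against the Azure AD v2.0 endpoints, plus the exact-match redirect URI check the OAuth 2.1 list above calls for. The tenant id, client id and redirect URI are placeholders; the endpoint paths are the standard `login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize` and `/token` URLs. No network call is made: the functions produce the URL and form body your login page would use, and the PKCE check is verified against the RFC 7636 test vector.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Placeholder values: substitute your own app registration (assumption, not from the post).
TENANT_ID = "YOUR_TENANT_ID"
CLIENT_ID = "YOUR_CLIENT_ID"
# Constructed example redirect URI; must exactly match what is registered in Azure AD.
REDIRECT_URI = "https://app.example.com/auth/callback"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0"


def make_code_verifier(nbytes: int = 32) -> str:
    """High-entropy PKCE verifier: base64url, no padding, 43 chars for 32 random bytes (RFC 7636 4.1)."""
    return base64.urlsafe_b64encode(secrets.token_bytes(nbytes)).rstrip(b"=").decode("ascii")


def make_code_challenge(verifier: str) -> str:
    """S256 challenge = BASE64URL(SHA-256(verifier)) without '=' padding (RFC 7636 4.2)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def verify_code_challenge(verifier: str, challenge: str) -> bool:
    """What the authorization server does at the token endpoint: recompute and compare."""
    return secrets.compare_digest(make_code_challenge(verifier), challenge)


def redirect_uri_allowed(candidate: str, registered: list[str]) -> bool:
    """Exact string matching only: no prefix, wildcard or normalisation (OAuth 2.1)."""
    return any(secrets.compare_digest(candidate, uri) for uri in registered)


def build_authorize_url(state: str, code_challenge: str,
                        scope: str = "openid profile offline_access") -> str:
    """URL your own login page redirects the browser to; the password never touches your app."""
    params = {
        "client_id": CLIENT_ID,
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "response_mode": "query",
        "scope": scope,
        "state": state,
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{AUTHORITY}/authorize?{urlencode(params)}"


def build_token_request(code: str, code_verifier: str,
                        scope: str = "openid profile offline_access") -> dict:
    """Form body to POST to {AUTHORITY}/token after Azure AD redirects back with ?code=..."""
    return {
        "client_id": CLIENT_ID,
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "code_verifier": code_verifier,
        "scope": scope,
    }


def start_login() -> dict:
    """Server-side start of a login: store verifier and state in the user's session."""
    verifier = make_code_verifier()
    state = secrets.token_urlsafe(16)
    return {
        "code_verifier": verifier,
        "state": state,
        "authorize_url": build_authorize_url(state, make_code_challenge(verifier)),
    }


if __name__ == "__main__":
    session = start_login()
    print("redirect browser to:", session["authorize_url"])
    # After the callback arrives with ?code=...&state=..., the app checks the state
    # and exchanges the code using the verifier it kept in the session.
    print(build_token_request("CODE_FROM_CALLBACK", session["code_verifier"]))
```

The point for a custom login page is that the page only starts the flow and handles the callback; the credential prompt itself is Azure AD's, which is what the answer's "do a redirect or host your login page on Azure AD" amounts to.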