Azure OAuth Prefab Integration
Prefab: Azure OAuth Prefab
OAuth 2.0 is an open-standard authorization protocol or framework that provides the ability to securely allow access to the web, mobile, and desktop applications. To learn more about the working of WaveMaker OAuth Prefabs, click here.
Azure OAuth Prefab Properties
Attribute Name | Attribute Type | Description | Remarks/sample values |
---|---|---|---|
loginmode | UI | Inbound parameter. This property sets the login mode, auto login or manual login | auto/manual |
buttoncaption | UI | Inbound parameter | Login With Azure |
This property sets the caption onto the Azure login button. | |||
buttonclass | UI | Inbound parameter | btn-primary |
This property sets the custom class onto the Azure login button | |||
loginsuccessmessage | UI | Inbound parameter | Azure Login Success |
This property will set the text for the toaster after successful authorization | |||
accesstoken | UI | Outbound parameter | |
Access Token from Azure | |||
callbackurl | UI | Outbound parameter | |
Callback url | |||
authorizationheader | UI | Outbound parameter | |
Authorization header to pass on along with request | |||
Appid | Server | Application ID of Azure registered application | |
Secret | Server | Secret of Azure registered application | |
Page | Server | Landing page after login | Main |
Scope | Server | Scopes required to access/retrieve data of user | openid |
AuthReqURL | Server | Authentication request URL | https://login.microsoftonline.com/TENNANTID/oauth2/v2.0/authorize |
TokenReqURL | Server | Access token request URL | https://login.microsoftonline.com/TENNANTID/oauth2/v2.0/token |
Azure OAuth in WaveMaker
To use the Azure OAuth prefab, please follow the steps below:
Pre-requisites
- Azure OAuth Prefab
- Access to Azure Active Directory Setup
- Access to Azure App Registration Portal
- Microsoft Graph API Access
Configure Azure Portal
Log on to https://portal.azure.com and enter your credentials. It redirects to the Azure Portal Home page.
Search for App Registrations from the top navigation bar and click it.
- On the App Registrations screen, click New Registration and provide the app name, account type, and redirect URI.
- In the left panel under App Registration, click Certificates and Secrets then Create New Client Secret and copy the secret value.
In the left panel under App Registration, click API Permissions and add permission Microsoft Graph -> Directory.AccessAsUser.All.
In the left panel under App Registration click Authentication and add redirect URIs as below.
<YOUR_APP_URL>/services/azureOAuthHandler/callback
<YOUR_APP_URL>/prefabs/AzureOAuth/azureOAuthHandler/callback
Using Azure OAuth Prefab in WaveMaker
Download the prefab from Git repository Azure OAuth Prefab and import it as a prefab on your WaveMaker Studio.
Drag and drop the Azure OAuth Prefab.
- Set Login Mode.
- Auto - Auto Login right after initialization
- Manual - On Click of Prefab Login Button
- Set Server Properties, as below:
- Scope - openid
- AppID - It is an application ID from Azure registered application
- Secret - It is a client secret to the respective application
- AuthReqURL - Provide Authentication Request URL
- TokenReqURL - Provide Token Request URL
- Azure OAuth prefab -> Events -> onAccesstokenfetch
It is a callback action. To fetch an accesstoken successfully, invoke login variable, with j_username as ‘ADAUTH’ and j_password as an accesstoken (outbound param).
Page.AzureOAuth2Accesstokenfetch = function($event, $data) {
App.Actions.loginAction.dataBinding.j_username = "ADAUTH";
App.Actions.loginAction.dataBinding.j_password = $data.accesstoken;
App.Actions.loginAction.invoke();
};
Server Side Configuration
- Create a Java Service MyAuthenticationManager by implementing a WMCustomAuthenticationManager interface.
import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import com.wavemaker.runtime.security.SecurityService;
import com.wavemaker.runtime.service.annotations.ExposeToClient;
import com.wavemaker.runtime.service.annotations.HideFromClient;
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.HashSet;
import com.wavemaker.runtime.security.AuthRequestContext;
import com.wavemaker.runtime.security.WMCustomAuthenticationManager;
import com.wavemaker.runtime.security.WMUser;
import org.json.JSONArray;
import org.json.JSONObject;
import org.json.JSONException;
import java.io.InputStreamReader;
import java.io.BufferedReader;
Override authenticate method as below
@Override
public WMUser authenticate(AuthRequestContext authRequestContext) {
HttpServletRequest httpServletRequest = authRequestContext.getHttpServletRequest();
//setting the logged in user object to null initially
WMUser user = null;
//checking for the security provider type i.e., whether it is OAuth or DB provider
String securityProvider = httpServletRequest.getParameter("j_username");
//logic for the OAuth as the security provider
if ("ADAUTH".equals(securityProvider)) {
logger.info("ADAUTH LOGIN FLOW - STARTS");
//obtaining the token from Prefab
String token = httpServletRequest.getParameter("j_password");
if (token == null) {
return null;
}
logger.info(" --------- ADAUTH Token is "+token);
try {
JSONObject userInfo = getUserInfoFromGraph(token);
logger.info("AZURE AUTH "+userInfo);
String username = new JSONObject(userInfo.getString("responseMsg")).optString("userPrincipalName");
logger.info("AZURE AUTH - userPrincipalName "+username);
user = new WMUser(username, Arrays.asList("DEFAULT"));
user.setUserId(token); // set user id for WM user
} catch (Exception e) {
logger.error("ADAUTH LOGIN - Failed to authenticate", e);
// throw e;
}
logger.info("ADAUTH LOGIN FLOW - STARTS");
}
else {
logger.error("ADAUTH LOGIN - Username must be ADAUTH");
// throw new Exception("Username must be ADAUTH");
}
// returning the logged in user object
return user;
}
private JSONObject getUserInfoFromGraph(String accessToken) throws Exception {
// Microsoft Graph user endpoint
URL url = new URL("https://graph.microsoft.com/v1.0/me");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();
// Set the appropriate header fields in the request header.
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
conn.setRequestProperty("Accept", "application/json");
String response = getResponseStringFromConn(conn);
int responseCode = conn.getResponseCode();
if(responseCode != HttpURLConnection.HTTP_OK) {
throw new IOException(response);
}
JSONObject responseObject = processResponse(responseCode, response);
return responseObject;
}
private String getResponseStringFromConn(HttpURLConnection conn) throws IOException {
BufferedReader reader;
if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
} else {
reader = new BufferedReader(new InputStreamReader(conn.getErrorStream()));
}
StringBuilder stringBuilder= new StringBuilder();
String line;
while ((line = reader.readLine()) != null) {
stringBuilder.append(line);
}
return stringBuilder.toString();
}
private JSONObject processResponse(int responseCode, String response) throws JSONException {
JSONObject responseJson = new JSONObject();
responseJson.put("responseCode", responseCode);
if (response.equalsIgnoreCase("")) {
responseJson.put("responseMsg", "");
} else {
responseJson.put("responseMsg", new JSONObject(response));
}
return responseJson;
}
- Enable custom security provider and provide the class name as below along with package name.
Login Flow
- Preview WaveMaker application
- Click Login With Azure AD. It will be redirected to Microsoft login. Here, provide the username and password.
- Read and provide user consent to the application.
- Once consent is accepted, the user will be logged in and redirected to the application.