Skip to main content
Version: v10.15

Azure OAuth Prefab Integration

Prefab: Azure OAuth Prefab

OAuth 2.0 is an open-standard authorization protocol or framework that provides the ability to securely allow access to the web, mobile, and desktop applications. To learn more about the working of WaveMaker OAuth Prefabs, click here.

Azure OAuth Prefab Properties

Attribute NameAttribute TypeDescriptionRemarks/sample values
loginmodeUIInbound parameter. This property sets the login mode, auto login or manual loginauto/manual
buttoncaptionUIInbound parameterLogin With Azure
This property sets the caption onto the Azure login button.
buttonclassUIInbound parameterbtn-primary
This property sets the custom class onto the Azure login button
loginsuccessmessageUIInbound parameterAzure Login Success
This property will set the text for the toaster after successful authorization
accesstokenUIOutbound parameter
Access Token from Azure
callbackurlUIOutbound parameter
Callback url 
authorizationheaderUIOutbound parameter
Authorization header to pass on along with request
AppidServerApplication ID of Azure registered application
SecretServerSecret of Azure registered application
PageServerLanding page after loginMain
ScopeServerScopes required to access/retrieve data of useropenid
AuthReqURLServerAuthentication request URL
TokenReqURLServerAccess token request URL

Azure OAuth in WaveMaker

To use the Azure OAuth prefab, please follow the steps below:


  1. Azure OAuth Prefab
  2. Access to Azure Active Directory Setup
  3. Access to Azure App Registration Portal
  4. Microsoft Graph API Access

Configure Azure Portal

  1. Log on to and enter your credentials. It redirects to the Azure Portal Home page.

  2. Search for App Registrations from the top navigation bar and click it.

  1. On the App Registrations screen, click New Registration and provide the app name, account type, and redirect URI.

  1. In the left panel under App Registration, click Certificates and Secrets then Create New Client Secret and copy the secret value.

  1. In the left panel under App Registration, click API Permissions and add permission Microsoft Graph -> Directory.AccessAsUser.All.

  2. In the left panel under App Registration click Authentication and add redirect URIs as below.

  • <YOUR_APP_URL>/services/azureOAuthHandler/callback
  • <YOUR_APP_URL>/prefabs/AzureOAuth/azureOAuthHandler/callback

Using Azure OAuth Prefab in WaveMaker

  1. Download the prefab from Git repository Azure OAuth Prefab and import it as a prefab on your WaveMaker Studio.

  2. Drag and drop the Azure OAuth Prefab.

  1. Set Login Mode.
  • Auto - Auto Login right after initialization
  • Manual - On Click of Prefab Login Button
  1. Set Server Properties, as below:
  • Scope - openid
  • AppID - It is an application ID from Azure registered application
  • Secret - It is a client secret to the respective application
  • AuthReqURL - Provide Authentication Request URL
  • TokenReqURL - Provide Token Request URL

  1. Azure OAuth prefab -> Events -> onAccesstokenfetch

It is a callback action. To fetch an accesstoken successfully, invoke login variable, with j_username as ‘ADAUTH’ and j_password as an accesstoken (outbound param).

Page.AzureOAuth2Accesstokenfetch = function($event, $data) {
App.Actions.loginAction.dataBinding.j_username = "ADAUTH";
App.Actions.loginAction.dataBinding.j_password = $data.accesstoken;

Server Side Configuration

  1. Create a Java Service MyAuthenticationManager by implementing a WMCustomAuthenticationManager interface.
    import javax.servlet.http.HttpServletRequest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import com.wavemaker.runtime.service.annotations.ExposeToClient;
import com.wavemaker.runtime.service.annotations.HideFromClient;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.HashSet;
import org.json.JSONArray;
import org.json.JSONObject;
import org.json.JSONException;

Override authenticate method as below

public WMUser authenticate(AuthRequestContext authRequestContext) {
HttpServletRequest httpServletRequest = authRequestContext.getHttpServletRequest();

//setting the logged in user object to null initially
WMUser user = null;

//checking for the security provider type i.e., whether it is OAuth or DB provider
String securityProvider = httpServletRequest.getParameter("j_username");

//logic for the OAuth as the security provider
if ("ADAUTH".equals(securityProvider)) {"ADAUTH LOGIN FLOW - STARTS");
//obtaining the token from Prefab
String token = httpServletRequest.getParameter("j_password");
if (token == null) {
return null;
}" --------- ADAUTH Token is "+token);
try {
JSONObject userInfo = getUserInfoFromGraph(token);"AZURE AUTH "+userInfo);
String username = new JSONObject(userInfo.getString("responseMsg")).optString("userPrincipalName");"AZURE AUTH - userPrincipalName "+username);
user = new WMUser(username, Arrays.asList("DEFAULT"));
user.setUserId(token); // set user id for WM user
} catch (Exception e) {
logger.error("ADAUTH LOGIN - Failed to authenticate", e);
// throw e;

else {
logger.error("ADAUTH LOGIN - Username must be ADAUTH");
// throw new Exception("Username must be ADAUTH");
// returning the logged in user object
return user;


private JSONObject getUserInfoFromGraph(String accessToken) throws Exception {
// Microsoft Graph user endpoint
URL url = new URL("");
HttpURLConnection conn = (HttpURLConnection) url.openConnection();

// Set the appropriate header fields in the request header.
conn.setRequestProperty("Authorization", "Bearer " + accessToken);
conn.setRequestProperty("Accept", "application/json");

String response = getResponseStringFromConn(conn);

int responseCode = conn.getResponseCode();
if(responseCode != HttpURLConnection.HTTP_OK) {
throw new IOException(response);

JSONObject responseObject = processResponse(responseCode, response);
return responseObject;

private String getResponseStringFromConn(HttpURLConnection conn) throws IOException {

BufferedReader reader;
if (conn.getResponseCode() == HttpURLConnection.HTTP_OK) {
reader = new BufferedReader(new InputStreamReader(conn.getInputStream()));
} else {
reader = new BufferedReader(new InputStreamReader(conn.getErrorStream()));
StringBuilder stringBuilder= new StringBuilder();
String line;
while ((line = reader.readLine()) != null) {

return stringBuilder.toString();

private JSONObject processResponse(int responseCode, String response) throws JSONException {

JSONObject responseJson = new JSONObject();
responseJson.put("responseCode", responseCode);

if (response.equalsIgnoreCase("")) {
responseJson.put("responseMsg", "");
} else {
responseJson.put("responseMsg", new JSONObject(response));
return responseJson;
  1. Enable custom security provider and provide the class name as below along with package name.

Login Flow

  1. Preview WaveMaker application

  1. Click Login With Azure AD. It will be redirected to Microsoft login. Here, provide the username and password.

  1. Read and provide user consent to the application.

  1. Once consent is accepted, the user will be logged in and redirected to the application.

See Also

How Custom Authentication Works
WaveMaker OAuth Prefabs