Microsoft Auth vs Azure Auth

Hello Everyone
I am new to UD but am loving it so far. I need to know if there is a way to use the app secret with Microsoft OAuth. I can’t get it to work when applying the app secret parameter needed to access directory MSGraph data. Or I could use Azure OAuth, but it will not accept the tenant ID in place of common. Is there a place to access the URL variable directly to replace common with the tenant ID? I can authenticate using either method successfully. Just need the added rights to user claims that I have added to the app's permissions in Azure registry. Would appreciate a nudge in the right direction.

Hi @it-terry-church

To configure your dashboard for Azure authentication, you need to use the following parameters:

Regarding the second part of your question though, I discussed that problem in my answer on this post

Basically, the JWT token you’d need to pass to make a call authenticated as yourself is not exposed in the UD authorization header ($Request.Header).

Therefore, you cannot call the Graph API or other as the connected user currently.
The workaround would be to have application delegation and build your query so it gets the desired results for the user based on the username claim.

I submitted a request regarding exposing the authorization token so this could be done in the future.
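
The workaround described in the reply above, sketched as an added example that is not part of the original thread or of UD itself: the dashboard obtains an app-only token and looks up the signed-in user in Microsoft Graph by the username claim. The environment variable names, function names and `$upnFromClaim` are assumptions, as is an app registration holding the `User.Read.All` application permission with admin consent.

```powershell
# Added example (not from the thread): app-only Graph lookup keyed on the username claim.
# Assumed: GRAPH_TENANT_ID / GRAPH_CLIENT_ID / GRAPH_CLIENT_SECRET are set in the
# environment of the dashboard process, so the secret never appears in the script.

function Get-GraphAppToken {
    param(
        [Parameter(Mandatory)][string]$TenantId,
        [Parameter(Mandatory)][string]$ClientId,
        [Parameter(Mandatory)][string]$ClientSecret
    )
    # Client-credentials flow against the tenant-specific v2.0 token endpoint.
    # App-only tokens are issued per tenant, so "common" is not usable here.
    $uri  = "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token"
    $body = @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://graph.microsoft.com/.default'
    }
    # A hashtable body on POST is sent as application/x-www-form-urlencoded.
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body -ErrorAction Stop).access_token
}

function Get-GraphUserByUpn {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [Parameter(Mandatory)][string]$UserPrincipalName
    )
    # The app-only token can read every user in the tenant, so the only thing
    # scoping the result to the caller is this value. Take it from the
    # authenticated session's claim, never from a textbox or query string.
    if ($UserPrincipalName -notmatch '^[^@\s/\\?]+@[^@\s/\\?]+$') {
        throw "Unexpected username claim format: $UserPrincipalName"
    }
    # Escape the UPN so characters such as '#' in guest UPNs stay inside the path segment.
    $upn = [uri]::EscapeDataString($UserPrincipalName)
    $uri = "https://graph.microsoft.com/v1.0/users/$upn" +
           '?$select=displayName,mail,department,jobTitle'
    Invoke-RestMethod -Method Get -Uri $uri -ErrorAction Stop `
        -Headers @{ Authorization = "Bearer $AccessToken" }
}

# Usage inside a dashboard endpoint; $upnFromClaim (hypothetical) holds the session's username claim.
# $token = Get-GraphAppToken -TenantId $env:GRAPH_TENANT_ID -ClientId $env:GRAPH_CLIENT_ID `
#              -ClientSecret $env:GRAPH_CLIENT_SECRET
# Get-GraphUserByUpn -AccessToken $token -UserPrincipalName $upnFromClaim
```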

Thank you for your help on this. I have it doing SSO with Azure or Microsoft as the provider. I have to set up app registration for multiple tenants though. I will stick with Azure for now. I think the trouble is that it is still using v1 auth endpoints. I set up another app to test. Had the same issue using v1. When I changed the auth endpoint to v2, more user attributes are passed to the app. I would prefer to just use the following URL as the auth endpoint. I will just use LDAP on-prem to get the attributes I need for now. Keep picking away at this till I get it doing what I need.

Preferred = https://login.microsoftonline.com//v2.0/.well-known/openid-configuration

v1 = https://login.microsoftonline.com//oauth2/authorize & v2 = /oauth2/v2.0/authorize