使用AAD進行認證

basic auth flow

其他補充

Token Expiration

When the native application uses its authorization code to get a JWT access token, it also receives a JWT refresh token. When the access token expires, the refresh token can be used to re-authenticate the user without requiring them to sign in again. This refresh token is then used to authenticate the user, which results in a new access token and refresh token.

1. Access Token只有一個小時，如果超過一個小時，AAD會自動refresh token，使用者不需要再次輸入帳密
2. Refresh tokens last for 14 days
3. 在14天之內token有一直被Refresh 最常可到 90 天，才會要求同仁重新輸入帳號密碼

在ADAL3.0之後已內建Token Refresh 機制

Useful links

• http://bitoftech.net/2014/09/12/secure-asp-net-web-api-2-azure-active-directory-owin-middleware-adal/

• https://azure.microsoft.com/en-us/documentation/articles/active-directory-authentication-scenarios/

• http://nicksnettravels.builttoroam.com/post/2015/03/01/Using-a-Refresh-Token-to-Renew-an-Expired-Access-Token-for-Azure-Active-Directory.aspx

• http://timothelariviere.com/2017/02/13/call-an-azure-ad-protected-api-in-xamarinuwp-apps/

Advanced Help

無法正常在Portable Library 安裝ADAL，處理辦法

https://forums.xamarin.com/discussion/56749/cannot-add-active-directory-authentication-library-package-to-xamarin-forms-and-droid-application

Could not install package 'Microsoft.IdentityModel.Clients.ActiveDirectory 3.13.8'. You are trying to install this package into a project that targets '.NETPortable,Version=v4.5,Profile=Profile259', but the package does not contain any assembly references or content files that are compatible with that framework. For more information, contact the package author