I have created a dummy Outlook mail account :
Username: arnab30dutta@outlook.com
Password: wiproinfotechbt012
Also registered my headless standalone Java App at https://apps.dev.microsoft.com/#/application/524f2f35-30ca-4497-9a58-654e431858ef (I dont require Spring Model Or View, + all necessary consents allowed) using above same user/password

SpringBootMailRESTApiApp

Application Id 7a1fff16-ef39-4299-a6b9-50d2b37924e4
Pass 8wLwBic9Hxwj9f9e5hkjq9n
RedirectcURI https://USHYDARNDUTTA2.us.deloitte.com:8080/signin-microsoft

Following URL When Tested with RestClient Firefox addon works fine:

https://login.live.com/oauth20authorize.srf?clientid=524f2f35-30ca-4497-9a58-654e431858ef&scope=openid+offlineaccess+profile+User.Read+Mail.Read+Calendars.Read+Contacts.Read&redirecturi=http%3a%2f%2flocalhost%3a8080%2fauthorize.html&responsetype=code+idtoken&state=717b3297-2692-4a3a-a22c-ade52010e24b&responsemode=formpost&nonce=adc6829c-c4c3-4895-818a-99e5f9574381&display=popup&uaid=94f304002ecd487cb72a708b8d14fb52&msproxy=1&issuer=mso&tenant=common&uilocales=en-US&loginhint=arnab30dutta%40outlook.com

But same don't work when hit from Spring Boot App.
Redirect URI never receives any response.

Code Attatched

Plz Plz Plz provide solution of - How to get the Authorization Code ?

"I need the Redirect To Work and fetch the code without any User Intervention."

What AM I Doing Wrong ? BTW
I am using Jetty, and
redirect on localhost wont work without user intervention hence https in redirect_uri

Re-word the New Sign-in experience UX prompt as it is miss-leading, 'I sign in frequently on this device. don't ask me to approve requests here"

In reality the tenant set MFA configuration is enforced, which in our case is for a single day.

I believe that the wording of the new sign-in prompt is highly miss-leading and should be altered as this message implies a loser security than is actually in place, which gives completely the wrong message to my users.

My user base will also be of the opinion that Office 365 isn’t working correctly as the behaviour will not match that suggested by the prompt, so this will not improve their confidence in the solution, which isn’t great at a time when we are organisational trying to drive adoption.

As an automation tester, I want the credential input on the new Azure AD web-based sign-in page to be able to be found and used the same way as on the old page so that my scripts don't break.

Currently, the old Azure AD web-based signin page has this for the username: <input id="creduseridinputtext" class="login_textfield textfield required email field normaltext" placeholder="username@egov.com" type="email" name="login" spellcheck="false" alt="username@egov.com" aria-label="User account" value="" autocomplete="off" aria-describedby="accessibleError">

And this for the password: <input id="credpasswordinputtext" class="login_textfield textfield required field normaltext" placeholder="Password" spellcheck="false" aria-label="Password" alt="Password" type="password" name="passwd" value="" aria-describedby="accessibleError">

Both of these elements have ID attributes that are unique within the page: creduseridinputtext and credpasswordinputtext.

There is also a div with an id of "redirectdotsanimation" that is visible while background processing is going on.

In the new page, the userid input is this: <input type="email" name="loginfmt" id="i0116" maxlength="113" lang="en" class="form-control ltr_override" aria-describedby="usernameError loginHeader loginDescription" aria-required="true" data-bind="textInput: displayName,

                hasFocusEx: isFocused,

                placeholder: $placeholderText,

                ariaLabel: tenantBranding.UserIdLabel || str['CT_PWD_STR_Username_AriaLabel'],

                css: { 'has-error': error },

                attr: inputAttributes&quot; aria-label=&quot;<a rel="nofollow noreferrer" href="mailto:username@egov.com">username@egov.com</a>&quot;&gt;

And the password is this:<input name="passwd" type="password" id="i0118" autocomplete="off" class="form-control" aria-describedby="passwordError loginHeader passwordDesc" aria-required="true" data-bind="

                textInput: password,

                hasFocusEx: isFocused,

                placeholder: $placeholderText,

                ariaLabel: str['CT_PWD_STR_PwdTB_AriaLabel'],

                attr: { maxLength: svr.fAllowLongPasswords ? 127 : null },

                css: { 'has-error': error }" placeholder="Password" aria-label="Enter password" maxlength="127">

Could the IDs from the old page be restored instead of "i0116" and "i0118"? It would make automating this page much easier to understand.

If application registration has Active Directory delegation it would NOT remove the Active Directory delegation behind the scenes even after removing all delegations.

I need to remove all application delegations, Save and then add a new non-active directory delegation and Save again in order to limit who can access the application and/or web service.

This is a issue as if there is any application that uses OAuth 2.0 and gets a token where the the "audience" | "aud": "00000002-0000-0000-c000-000000000000" it will have access to any application without restrictions of delegation rules if this lingering active directory access is behind the scene.

Regards,
Nelson J Perez

For integration with OAuth2 several solutions were tried both at the mobile application level (React Native) and at the Backend level (Laravel).

The problem we encounter with Laravel libraries is that they are focused on web application, where the process includes a redirect to the Microsoft page to make the entry. This as we are running from a server we would not have the way to make this redirect for the user. In Laravel we use Socialite that is of Laravel and OAuth 2 Client of PHP League. In the research process in Microsoft forums especially in this question (https://social.msdn.microsoft.com/Forums/en-US/80d7f6d3-472b-4c65-ba01-a0f234b4b82a/duda-con-protocolo-oauth ? Forum = vcses) gave us a perspective of a missing step, instead of pointing the web url redirect we point to the certificate that is generated when we register a mobile application, we will be testing with this form to see if it works for us.

In React Native we implemented an integration that already had towards the Active Directory and Azure. This worked but the test user had double factor authentication where we required that user to confirm through an email or a text message. But once we requested the page we were not blocked by the user to enter. I was just saying there was a problem with that user. After that he could not try again with him.

At the time of authentication to Active Directory integrated with Azure through a REST backend, for the url callback should we use the endpoint that gives us at the time of registering a native application? If it is not, what type of application should we register to have a url callback to help us with this purpose.

I am attentive to your help.