B4A Class [class][B4X] Microsoft OAuth2

Hi there:

I've adapted Erel's Google OAuth2 class to log in with Microsoft, adapting the code from this post (thanks @stu14t).

For now, it's just working on B4A. It works in B4A and B4J, not tested in B4i. Probably with @Erel's help it will work in B4i.

MicrosoftOAuth2 class takes care of several tasks:

1. Opening the browser and getting the authorization code.
2. Getting and saving the access token and refresh token from the authorization code.
3. Getting a new access token when it expires using the refresh token.

Setup

1. Go to https://entra.microsoft.com -> Application Developer -> Register app. After registering your app, you will need your client_id and your tenant_id.
2. Configure your “API permissions”. You will need at least the “User.Read” permission, and you have to see the green check. (I can't test sendMail because I got no permissions from my IT manager. You need the Mail.Send permission.)

B4A

3. Still on the Microsoft site, go to “Authentication” and “Add a platform”. Select “Android”. Set the package name (it MUST be the package name set in the B4A IDE (Ctrl-B)).

IMPORTANT: Package name ("Nombre del paquete" in the next image) must be the same as in the IDE.
"Sign HASH" ("Hash de firma" in the image) must be your Private key, in base64 format. In the example, you will get your private key base64 hash in the logs if you run the app. Copy it and paste it into the Microsoft page (code from this post):

B4X:
Log("Use this sha1 base64 sign to register your app in ms: " & su.EncodeBase64(raw))
Result:
Use this sha1 base64 sign to register your app in ms: 2pmj9i4rSx0yEb/viWBYkE/ZQrk= 'FAKE

Using that code on the Microsoft page, you will get a “redirection URI”. You must use it so that the browser redirects back to your app after you send your login credentials.

Add this code to your app manifest so that the browser returns to your app after login:
B4X:
'The path is the same hash you get in your app's log
AddActivityText(Main,
<intent-filter>
<action android:name="android.intent.action.VIEW" />
<category android:name="android.intent.category.DEFAULT" />
<category android:name="android.intent.category.BROWSABLE" />
<data android:scheme="msauth"
android:host="$PACKAGE$"
android:path="2pmj9i4rSx0yEb/viWBYkE/ZQrk="
/>
</intent-filter>
)

B4J

Go to “Authentication” and “Add a platform”. Select “Mobile and Desktop apps”. In redirection_uri add: http://127.0.0.1:51067

Set the client_id and tenant_id in B4XMain, and test!!

Any improvement is welcome!!

Attachments

  • B4XMSLogin.zip
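
An added example, not part of the original post or of the MicrosoftOAuth2 class: the Android signature hash is the base64 SHA-1 digest of the app's signing certificate, and the portal's redirect URI is `msauth://<package>/<URL-encoded hash>`. This Python sketch checks a hash before it is registered and accepts an authorization code only from a callback that matches that redirect URI; the package name and the code value are constructed, and the hash is the one the post marks as FAKE.

```python
import base64
import binascii
import hashlib
from urllib.parse import parse_qs, quote, unquote, urlsplit


def signature_hash(cert_der: bytes) -> str:
    """Base64 of the SHA-1 digest of the signing certificate (DER bytes)."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def is_valid_signature_hash(value: str) -> bool:
    """True only for strict standard base64 that decodes to 20 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 20
    except (binascii.Error, ValueError):
        return False


def redirect_uri(package: str, sig_hash: str) -> str:
    """msauth://<package>/<URL-encoded hash>, as registered in the portal."""
    if not is_valid_signature_hash(sig_hash):
        raise ValueError("signature hash is not base64 of a SHA-1 digest")
    return f"msauth://{package}/{quote(sig_hash, safe='')}"


def extract_auth_code(callback: str, package: str, sig_hash: str) -> str:
    """Return the authorization code only if the callback hits our redirect."""
    parts = urlsplit(callback)
    if (parts.scheme, parts.netloc) != ("msauth", package):
        raise ValueError("callback scheme or host does not match the app")
    if unquote(parts.path) != "/" + sig_hash:
        raise ValueError("callback path does not match the signature hash")
    codes = parse_qs(parts.query).get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one 'code' parameter")
    return codes[0]


# Constructed sample values: the package name is hypothetical and the hash
# is the one the post marks as FAKE.
PACKAGE = "com.example.mslogin"
FAKE_HASH = "2pmj9i4rSx0yEb/viWBYkE/ZQrk="

if __name__ == "__main__":
    uri = redirect_uri(PACKAGE, FAKE_HASH)
    print(uri)
    print(extract_auth_code(uri + "?code=CONSTRUCTED_CODE", PACKAGE, FAKE_HASH))
```

A hash copied with a stray character (for example a `_` or a missing letter) fails `is_valid_signature_hash`, which is cheaper to catch here than as a redirect mismatch at login time.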

josejad

Expert
Licensed User
Longtime User
Uploaded v0.2. Now it's working in B4A and B4J!!

If someone wants to test it in B4i, he's welcome!
 

CaptKronos

Active Member
Licensed User
Longtime User
Thanks for updating this very useful library. To get this to work in B4J, I had to make a few changes. The sendemail related changes probably need to be made for B4A and B4I though I haven't tried yet.

B4X:
'Not required, but just to make it clearer:
    Private ClientSecret As String = "" 'Leave empty! Note that unlike Google, Microsoft does not use ClientSecret

    Private const tenant As String = "consumers"

'I needed to change the scope for sendemail to work:
    MSGraph.Initialize(Me, "MSGraph", ClientId, tenant, "https://graph.microsoft.com/User.Read https://graph.microsoft.com/Mail.Send offline_access", ClientSecret, xui.DefaultFolder)

'In Sub SendEmail, comment out the following, since sendemail doesn't return personal info:
    'ParsePersonData(j.GetString)

'In MicrosoftOAuth2, not required, but just to make it clearer:
    #if not(b4j)
    Private sha1b64 As String = "q0HQUeHdfadfae+23_2aAtT1Io=" 'Fake, get yours from the log when you run the app
    #end if
 

a.consorti

Member
Licensed User
Hi, I'm creating a web server and I need to authenticate to Azure. I've created a registration app and I'm using the API to log in and redirect to a landing page with a simple welcome message. I've done almost everything, but the redirect always gives me error 500 after the auth callback. Naturally I don't write anything before the sendredirect, but the error occurs. Even ChatGPT fails, and I think it could be failing because of a not-recent version of Jetty... might that be possible?
 

josejad

Expert
Licensed User
Longtime User
web server
Sorry, I haven't worked with this kind of solution. Please start a new thread and post your code or, even better, a sample project to see if someone can help you.
 