You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/spatial-anchors/concepts/authentication.md
+9-10Lines changed: 9 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,6 @@ ms.author: pmorgan
9
9
ms.date: 05/28/2019
10
10
ms.topic: conceptual
11
11
ms.service: azure-spatial-anchors
12
-
ms.custom: has-adal-ref
13
12
---
14
13
# Authentication and authorization to Azure Spatial Anchors
15
14
@@ -94,7 +93,7 @@ For applications targeting Azure Active Directory users, the recommended approac
94
93
1. Register your application in Azure AD as **Native application**. As part of registering, you will need to determine whether your application should be multi-tenant or not, and provide the redirect URLs allowed for your application.
95
94
1. Switch to the **API permissions** tab
96
95
2. Select **Add a permission**
97
-
1. Select **Mixed Reality Resource Provider** under **APIs my organization uses** tab
96
+
1. Select **Microsoft Mixed Reality** under **APIs my organization uses** tab
98
97
2. Select **Delegated permissions**
99
98
3. Check the box for **mixedreality.signin** under **mixedreality**
100
99
4. Select **Add permissions**
@@ -107,12 +106,12 @@ For applications targeting Azure Active Directory users, the recommended approac
107
106
2. In the **Select** field, enter the name of the user(s), group(s), and/or application(s) to which you want to assign access.
108
107
3. Hit **Save**.
109
108
2. In your code:
110
-
1. Make sure to use the **application ID** and **redirect Uri** of your own Azure AD application as the **client ID** and **RedirectUri** parameters in ADAL
109
+
1. Make sure to use the **application ID** and **redirect Uri** of your own Azure AD application as the **client ID** and **RedirectUri** parameters in MSAL
111
110
2. Set the tenant information:
112
111
1. If your application supports **My organization only**, replace this value with your **Tenant ID** or **Tenant name** (for example, contoso.microsoft.com)
113
112
2. If your application supports **Accounts in any organizational directory**, replace this value with **Organizations**
114
113
3. If your application supports **All Microsoft account users**, replace this value with **Common**
115
-
3. On your token request, set the **resource** to "https://sts.mixedreality.azure.com". This "resource" will indicate to Azure AD that your application is requesting a token for the Azure Spatial Anchors service.
114
+
3. On your token request, set the **scope** to "https://sts.mixedreality.azure.com//.default". This scope will indicate to Azure AD that your application is requesting a token for the Mixed Reality Security Token Service (STS).
116
115
117
116
With that, your application should be able to obtain from MSAL an Azure AD token; you can set that Azure AD token as the **authenticationToken** on your cloud session config object.
118
117
@@ -180,16 +179,16 @@ The Azure AD access token is retrieved using the [MSAL library](../../active-dir
180
179
2. In the **select** field, enter the name of the application(s) you created and to which you want to assign access. If you want your app’s users to have different roles against the Spatial Anchors account, you should register multiple applications in Azure AD, and assign to each a separate role. Then implement your authorization logic to use the right role for your users.
181
180
3. Hit **Save**.
182
181
2. In your code (note: you can use the service sample included on GitHub):
183
-
1. Make sure to use the application ID, application secret, and redirect Uri of your own Azure AD application as the client ID, secret, and RedirectUri parameters in ADAL
184
-
2. Set the tenant ID to your own AAAzure ADD tenant ID in the authority parameter in ADAL
185
-
3. On your token request, set the **resource** to "https://sts.mixedreality.azure.com"
182
+
1. Make sure to use the application ID, application secret, and redirect Uri of your own Azure AD application as the client ID, secret, and RedirectUri parameters in MSAL
183
+
2. Set the tenant ID to your own Azure ADD tenant ID in the authority parameter in MSAL.
184
+
3. On your token request, set the **scope** to "https://sts.mixedreality.azure.com//.default"
186
185
187
186
With that, your backend service can retrieve an Azure AD token. It can then exchange it for an MR token that it will return back to the client. Using an Azure AD token to retrieve an MR token is done via a REST call. Here is a sample call:
188
187
189
188
```
190
-
GET https://mrc-auth-prod.trafficmanager.net/Accounts/35d830cb-f062-4062-9792-d6316039df56/token HTTP/1.1
189
+
GET https://sts.mixedreality.azure.com/Accounts/35d830cb-f062-4062-9792-d6316039df56/token HTTP/1.1
0 commit comments