The new Azure AD app registration with the Microsoft Identity platform
I’ve been looking at this, mainly from the perspective of the new “App registrations” flow.
When you create an application, you are asked:
Essentially, just the name and the account type is needed. You can leave the redirect URI blank — more later.
If you are not sure of the types, click “Help me choose”.
It then takes you to the overview page and you’ll also see:
If you click on e.g. the .NET one, you see:
Clicking this adds the redirect URI for you! So much easier then trying to figure out what it is, whether there is a trailing slash at the end etc.
After clicking this, you see:
So it tells you what is going to happen. If you click the button, you see:
Because you do this from inside the portal, Azure AD knows the ID of this client and tenant so the values are pre-populated for you.
All you have to do is copy / paste this into the web.config.
So lets recap.
I have to:
- Think of a name for my app registration
- Specify an account type
- Click two buttons for the redirect URI
- Download the GitHub sample
- Copy / paste the ID’s into the web.config
and I have a working sample in less than five minutes!
Running the sample shows:
Click the button and I see the Azure AD login screen:
(The background BTW is Long Bay in Auckland).
and it shows me all my claims:
I created this sample plus a WPF one plus a .NET Core one and had it all working inside ten minutes.
They can all use the same app registration which is a bonus compared to the old way where I had to have a different registration for each sample. Plus it was all manual and I had to decide between web app / API and native.
Five minutes after I started, I had a fully-working Identity solution with Azure AD and I can now get on with adding the business logic without having to figure out all the Identity details.
The plumbing is hidden from me. I didn’t need to know that the solution uses OWIN middleware or that the protocol is OpenID Connect or that it uses the Microsoft Authentication Library (MSAL) or that the endpoint is a V2 one.
And I can get all the other Azure goodness as well e.g. password protection, conditional access, MFA etc. if required.
You can see that we are heading towards friction-less or seamless Identity.
This is very much a trend in the industry and you can see other vendors like Auth0 and Okta all heading in the same direction.
It is so much easier than it was, especially from a developer perspective.