I'm trying to set up Microsoft Translation API (part of MS Cognitive Services) in my Android app (using Java). I'm relatively new to Android programming and authentication methods, and I'm a bit confused by those.
When I registered for an Azure account I created an Azure Directory, then created an Android App in the portal, configured it and got my auth_config.json.
Well, when I checked the MS translator API docs I saw that I can use it through a GET request and the API key provided. But also I saw I can authenticate by using a token, and that's where I'm stuck.
I've been searching for days and I cannot find a clear and concise tutorial/guide/docs to authenticate (no user context) from my Android app in order to use MS translate API by using tokens.
I found this link but it's only applicable when users have to sign in.
Any help related to auth tokens flow and conceptual design of them is also welcomed, but the main question would be "How to authenticate an Android App (no user context) by using tokens for accessing an Azure API?"
Thanks.
It sounds like you are trying to create a native Android application using Java to get an access token in order to utilize the MS Translator API. But you would like the flow to be non-interactive.
You shouldn't need to get an access token in order to utilize the MS Translator API. Per the documentation you will only need to get the translator keys and then you will be able to use the Translator REST API using the Translator key.
The Translator Getting Started on how to set up and get keys can be found here:
https://learn.microsoft.com/en-us/azure/cognitive-services/translator/translator-text-how-to-signup
And the documentation on how to use the Translator API in Java can be found here:
https://learn.microsoft.com/en-ca/azure/cognitive-services/translator/quickstart-java-translate
In addition to that, I think it's important to understand the concepts of how to get access tokens from Microsoft for the future.
The v2.0 (also referred to as converged) endpoint flows and explanation on how the authentication process works can be found here under "concepts > authentication > OAuth2 .... flow".
https://learn.microsoft.com/en-us/azure/active-directory/develop/authentication-scenarios
That being said, the MSAL library doesn't necessarily have all these flows implemented yet. To see more information on what MSAL libraries support what auth flows, you can find this information at the link here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows
Unfortunately we don't support the non-interactive flow using the MSAL Android library yet. If you're interested in this feature please submit an issue against the MSAL Android Library here: https://github.com/AzureAD/microsoft-authentication-library-for-android/issues
And one of the engineers that handles the library will reach out and discuss it further.
All the Azure AD libraries have wikis that can be found on their respective GitHub repos. The MSAL Android one can be found here: https://github.com/AzureAD/microsoft-authentication-library-for-android/wiki
Hopefully this has been helpful, and if you have any more questions please leave a comment.
Essentially you won't need to use MSAL and you should be able to just use the translator key to make calls to the MS Translator API.
Related
Please help me to find the documentation on how to use the Java MSAL SDK to get an access_token for a service principal.
I am looking to find the documentation or GIT links which can guide me on how to use the MSAL library, including the code samples.
I have gone through this link but it does not help me much: https://learn.microsoft.com/en-us/azure/active-directory/develop/msal-authentication-flows
And, I am not expecting code samples to be shared here. I just want to find out where to find such data. I am struggling a lot when it comes to finding the right knowledge with respect to azure learning. What am I missing here? Is there any azure reference link available to find such information at a centralized place?
Note that, based on your requirement, you can make use of the Authorization Code Flow if you want the user to sign in and authenticate, and if you want to access the API using an application then make use of the Client Credential Flow.
I tried to reproduce the same in my environment and got the results below:
I created an Azure AD Application and added API permission:
For the Client Credential Flow, refer to this GitHub blog by siddhijain.
Use the MSAL Java SDK to authenticate the user in an Azure Function developed in Java.
Assuming that you want to authenticate the user, you can make use of the Authorization Code Flow to generate an access token.
I generated the authorization code by using the endpoint below:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=RedirectUri
&response_mode=query
&scope=https://management.azure.com/user_impersonation
&state=12345
A sign-in screen will appear for authenticating the user:
To generate the access token, I used the parameters below:
https://login.microsoftonline.com/TenantID/oauth2/v2.0/token
client_id:ClientID
client_secret:ClientSecret
scope:https://management.azure.com/user_impersonation
grant_type:authorization_code
redirect_uri:RedirectUri
code:code
I am able to call the Function by using the access token generated above:
To implement the above in the MSAL Java library, refer to the GitHub blogs below:
Microsoft-authentication-library-for-js/msal-node/auth-code AzureAD by derisen
Microsoft-authentication-library-for-js/samples/msal-node AzureAD by rgins16
I am looking for a Java API to query Instagram images based on a given coordinate or bounding box. I would appreciate it if someone could tell me whether any such Java API exists.
TIA
You could do this by first searching for Instagram locations by geo coordinates using their /locations/search endpoint, and then pulling the media for each location found using the endpoint /locations/{location-id}/media/recent.
All Instagram APIs require authentication which means you would have to go through the process of creating an Instagram App and authorizing the app to access your account to get an Auth token. More details are available at https://www.instagram.com/developer/
The Java API 'jInstagram' mentioned by #Thanos is a decent one to start with, but it is not actively maintained and you still need all the app creation and authentication processes anyway. If you are doing serious development, it is worth writing your Java program to access the Instagram endpoints directly. You can use Scribe to negotiate the OAuth process.
We have a mobile application backend running in AWS. The backend is built using Java Spring, with front ends for native iOS, native Android and an AngularJS-based website, and it has its own authentication using email ID and password. Now we are planning to integrate our app authentication with our organisation's Active Directory, which is available in Azure AD.
We have an outline idea of Azure portal application creation and of using the ADAL library to get a token from Azure. But we are not clear about how we can validate the token on the web service side. Could you please enlighten us about the integration process?
Unfortunately, Azure AD doesn't have great guidance on securing a web API in Java at this time. However, taking the open-source approach isn't terribly difficult in this case.
Azure AD's access tokens are JWTs, which are essentially just base64 encoded JSON strings with a signature. jwt.io has compiled a nice list of open-source libraries that can be used to validate JWTs (some libraries for generating them too, fyi). The best reference material available at this time is:
The claims listed in this token reference article where necessary (ignore the comment about id_tokens only, that's incorrect).
The OpenID Connect spec also has some good tidbits on how to validate tokens. You should also make sure to validate the scope claim, which won't be mentioned there.
This code sample shows how to take this approach, but it's in .NET. You can follow its patterns for Java.
The hardest part will be robustly fetching, caching, and refreshing the Azure AD public signing keys, making sure your app can handle key rollover. Microsoft's .NET open source library, for instance, refreshes the keys every 24 hours and refreshes them immediately any time signature validation fails. Most JWT libraries won't do that for you. The signing keys are available via Azure AD's OpenID Connect metadata endpoint,
https://login.microsoftonline.com/<tenant-or-common>/.well-known/openid-configuration
The OpenID Connect spec also has information on the format of the data available there.
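The key handling this answer describes (cache the signing keys, refresh them every 24 hours and again as soon as signature validation fails), sketched in Java as an added example that is not part of the original answer and not Microsoft's library code. RollingKeyVerifier, loader and minGap are hypothetical names: loader stands in for code that downloads and parses the published signing keys, and minGap is an added safeguard the answer does not mention.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.function.Supplier;
import java.util.regex.Pattern;

public class RollingKeyVerifier {
    private static final Pattern KID = Pattern.compile("\"kid\"\\s*:\\s*\"([^\"]+)\""); // real code: JSON parser
    private final Supplier<Map<String, PublicKey>> loader; // hypothetical: downloads and parses the published keys
    private final Duration minGap;                         // assumed floor between forced reloads
    private Map<String, PublicKey> keys = Map.of();
    private Instant loadedAt = Instant.EPOCH;
    RollingKeyVerifier(Supplier<Map<String, PublicKey>> loader, Duration minGap) { this.loader = loader; this.minGap = minGap; }
    /** RS256 signature check only; issuer, audience, expiry and scope must still be validated. */
    synchronized boolean signatureValid(String jwt) throws GeneralSecurityException {
        if (age().compareTo(Duration.ofHours(24)) > 0) reload(); // routine daily refresh
        if (check(jwt)) return true;
        if (age().compareTo(minGap) < 0) return false;           // keys are fresh: reject without refetching
        reload();                                                // possible key rollover: refresh, retry once
        return check(jwt);
    }
    private Duration age() { return Duration.between(loadedAt, Instant.now()); }
    private void reload() { keys = loader.get(); loadedAt = Instant.now(); }
    private boolean check(String jwt) throws GeneralSecurityException {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        var m = KID.matcher(new String(Base64.getUrlDecoder().decode(p[0]), StandardCharsets.UTF_8));
        PublicKey key = m.find() ? keys.get(m.group(1)) : null;
        if (key == null) return false;                           // kid not in the cached set
        var sig = Signature.getInstance("SHA256withRSA");        // fixed algorithm, never taken from the token
        sig.initVerify(key);
        sig.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return sig.verify(Base64.getUrlDecoder().decode(p[2]));
    }
    public static void main(String[] args) throws Exception {    // constructed keys and token, not real data
        var gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair oldKp = gen.generateKeyPair(), newKp = gen.generateKeyPair();
        var b64 = Base64.getUrlEncoder().withoutPadding();
        String body = b64.encodeToString("{\"alg\":\"RS256\",\"kid\":\"k2\"}".getBytes()) + "." + b64.encodeToString("{}".getBytes());
        var signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(newKp.getPrivate());
        signer.update(body.getBytes(StandardCharsets.US_ASCII));
        String jwt = body + "." + b64.encodeToString(signer.sign());
        // The first load returns the pre-rollover key set, the second the set containing the new key.
        var sets = List.of(Map.of("k1", oldKp.getPublic()), Map.of("k2", newKp.getPublic())).iterator();
        System.out.println(new RollingKeyVerifier(sets::next, Duration.ZERO).signatureValid(jwt));
    }
}
```

The demo passes Duration.ZERO so the rollover path runs on the first call; a service would pass a gap of a few minutes so that a stream of invalid tokens cannot trigger a key download per request.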
Background
I believe the recommended way to access Google services from Android is to use the Google APIs Client Library for Java (for some services Play services is recommended too).
If you want to access your user's account, you use oauth2 to authenticate the user, but things seem less clear if you want to access your own services (eg. I want to access Google Cloud Storage belonging to my app engine project).
The problem with service accounts
What I see a lot of here is using service accounts, and I've used them server-side and found them to be a comparatively simple solution, but this requires you to deploy your private key so I don't think this could be right for public Android apps.
The solution: Public API access
If you go to the 'credentials' page of the cloud console:
https://console.developers.google.com/project/[your_project]/apiui/credential
it seems pretty clear that they expect you to use a 'public API access key' for the situation I'm describing. It appears that this is not OAUTH based.
I assume that I will still use the type 'GoogleCredential' for this, but in the documentation for the credential builder I don't see how to do this. The set client functions appear to relate to the oauth2 access (which uses client ID/secret).
The Question
How do I use the 'public API access' key to access Google services from an Android app?
Or, if I'm wrong about service accounts - and they really are the recommended solution, then please show me some evidence of this because it certainly appears to me that they are not the right solution for publicly distributed apps.
The good news is that it's very much easier. You can either use a Service Account (ie. a brand new account dedicated to your app) or a regular account.
For a service account you embed the key in your app, for a regular account you embed a refresh token in your app. In both cases, be aware of the security risk and use the minimal scope necessary.
You can get a refresh token without writing any code by following the steps in How do I authorise an app (web or installed) without user intervention? (canonical ?)
I have a web-based email client that uses a Java app to connect to IMAP and POP3 servers to download email. There is an issue that if a user usually logs in from the US, the Java app will not have access to collect emails until that user logs in from the same country the Java app is running in.
I was told to overcome this by using Google OAuth in order for the account user to give permission to my app to collect emails. Is this correct? Once this has been accomplished I would also like to use the API to import contacts, but for now authorization/authentication is sufficient.
The problem I am facing is that after trying to make heads or tails of the Google OAuth API documentation I'm really confused and did not yet manage to make a working example. Documentation often has links to a deprecated API and there is no example with a download link to both the API needed and example source code; as a result I think I'm using incorrect libraries for my examples.
It's also not clear to me what/how to accomplish what is needed: do I use client authentication via JavaScript to create a popup whereby the user grants access?
Or do I use an installed app client with a token and secret? This is what I tried, but the 'command line' example I tried requires Java EE, and this is a native app so I don't see why, and I don't want to import all Java EE libraries into my small email downloader app.
Where can I find more intuitive documentation and working examples on this?
If you stay away from OpenID 2 and OAuth 1, I think the docs are pretty orderly these days. The best place to start is https://developers.google.com/accounts/docs/OAuth2