Xamarin.Auth Authentication Issues.

I have run into issues the last couple of days trying to get the Xamarin.Auth library to work with my WebAPI and Active Directory. For the life of me, I can't get our API to work with Xamarin.Auth but I can log in through a browser and view our JSON data. I'm using Joe Suave's example as a starter.

Our URL structure is like this: https://####.azurewebsites.net/api/web*

The default URL in AD and the WebAPI: https://####.azurewebsites.net/

My reply URLs in AD are as follows:



Based upon the Joe Suave Example, I have set OAuthSettings as follows:

ClientId: "Assigned Web App Client ID in AD"
AuthorizeURL: "https://login.microsoftonline.com/[Our AD TenantID GUID]/oauth2/authorize"
Scope: string.Empty // Should this be our api/web* calls?
RedirectURL: [One of the above redirects]

These settings get me to the Microsoft Login Page. I log in and I'm given an error that either the data returned is forged or the Resource was not returned.
I'm unable to get the proper authentication data to return and call my api/web*.

Using the */aad/callback reply URL results in 'Expected access_token in response, but did not receive one.'

Using the */api/webgreeks reply URL results in 'Invalid state from server. Possible forgery!'

I tried to retrieve the actual AAD###### error but it disappears way too quickly. The app is being run in iPhone 6 10.2 simulator on an iMac. Are there any tools I can be running to capture the returned data better? Edit: I actually did retrieve it: AADSTS50001 Resource Identifier not provided. Could this be my answer?

Any ideas on what I might be doing wrong?


  • EnriqueRomeroEnriqueRomero USMember
    edited October 2018


    you must inherit and extend the xamarin.auth class with Resource parameter like this:

    namespace Xamarin.Auth
    public class AuthenticatorExtensions : OAuth2Authenticator

        private string _resource { get; set; }
        public AuthenticatorExtensions(
            string clientId,
            string scope,
            Uri authorizeUrl,
            Uri redirectUrl,
            string resource,
            GetUsernameAsyncFunc getUsernameAsync = null,
            bool isUsingNativeUI = false) :
            base(clientId, scope, authorizeUrl, redirectUrl, getUsernameAsync, isUsingNativeUI)
            _resource = resource;
        public AuthenticatorExtensions(string clientId, string clientSecret, string scope, Uri authorizeUrl, Uri redirectUrl, Uri accessTokenUrl,string resource, GetUsernameAsyncFunc getUsernameAsync = null, bool isUsingNativeUI = false) : base(clientId, clientSecret, scope, authorizeUrl, redirectUrl, accessTokenUrl, getUsernameAsync, isUsingNativeUI)
            _resource = resource;
        public override Task<Uri> GetInitialUrlAsync(Dictionary<string, string> custom_query_parameters = null)
            if(custom_query_parameters == null)
                custom_query_parameters = new Dictionary<string, string>()
                    {"resource", _resource }
            else if (custom_query_parameters.ContainsKey("resource"))
                custom_query_parameters.Add("resource", _resource);
            return base.GetInitialUrlAsync(custom_query_parameters);


Sign In or Register to comment.