Microsoft Stream SSO 以编程方式与 Azure AD

Question

I know that is possible to configure the Azure AD SSO between Office 365 portals, but how can I do it programmatically?

Are there any ways in local ASP.NET web application to authenticate a user in Azure AD programmatically using username/password without prompt Azure AD logon screen, get a token and then redirect to Microsoft Stream page with the user authenticated?

I cannot find this functionality in Microsoft Graph API and the Microsoft Stream API are in development.

Answer 1

You can use this (resource owner password credential) flow to log in with specific user/pass https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc however, this will get you a token for azure ad app, I don't think it will work on the office 365 portals / stream portal though you can try it. It's mainly for accessing apis and aad applications. but feel free to give it a try, its the only way to authenticate with user/pass without interaction that I'm aware of.

Answer 2

You can use ROPC Flow to get the token which helps in authenticate to Microsoft Stream without login popup.

Here is the request for your reference:

POST {tenant}/oauth2/v2.0/token
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=user.read%20openid%20profile%20offline_access
&username=MyUsername@myTenant.com
&password=SuperS3cret
&grant_type=password

Note: Microsoft recommends you do not use the ROPC flow. In most scenarios, more secure alternatives are available and recommended. This flow requires a very high degree of trust in the application, and carries risks which are not present in other flows. You should only use this flow when other more secure flows can't be used.

Based on the above note it advises using client credential flow . Please refer similar question with client credential flow that may help you