Enterprise Mobility and Security Blog

RSS

Howdy folks,

TechEd Europe has just kicked off and to go along with the event, we have a ton of news to share this week. So I’ll be posting a couple times a day for the next few days.

To kicking off our string of cool news, we are introducing an important addition to our developer story: the ability for you to protect Single Page Apps (SPA) with Azure Active Directory.

As web browsers become more and more powerful, the expectations for a rich and responsive user experience raise accordingly. SPA apps, with their clever use of client-side resources via JavaScript, are a great way of meeting those expectations. Applications like Outlook Web App and Gmail are some of the best example of the compelling experience developers can create with SPA’s.

The developer preview we are announcing today includes two components, which are used together to enable you to leverage Azure AD in your SPA applications:

  • Azure AD support for OAuth2 implicit grant. The OAuth2 specification offers a grant type specifically for user-agent applications, that is to say applications written in JavaScript and running in a browser. This preview enables your applications to request tokens from Azure AD using the implicit grant.
    We wanted to make sure that this new preview feature does not interfere with your production apps, hence this new capability is exclusively opt-in and scoped to the specific apps you choose. More details in the links below.
  • JavaScript version of the Active Directory Authentication Library (ADAL). Today we are releasing the first preview of ADAL JS, a library that makes it extra easy to integrate in your SPA apps advanced authentication functions such as seamless sign-on, routes protection, token caching, automated silent tokens renewal, transparent protection of 3rd party Web API calls, and more. This preview of ADAL JS is designed to be very easy to integrate with AngularJS, one of the most popular SPA frameworks. If you’d prefer us to target other SPA stacks, please let us know – that’s exactly the type of feedback we are hoping to hear from you!

The best way of seeing the scenario in action is to take a look at this sample on our team’s GitHub. The library itself can also be found on GitHub, along with instructions on how to add it to your projects.

If you want to know more about the scenario, check out this deep dive post. If you prefer to watch a video, check out the latest installment of the Web Camp TV show on Channel9 – where Vittorio, a PM on my team, shows the SPA sample in action and goes deep in the scenario’s architecture.

This is a very early preview, in the spirit of moving forward through rapid iterations. You will notice some rough edges: those are intentional, this is a new scenario for us and it is super important to validate our approach with you before we start refining things.

Please give it a spin, and as always, we are looking forward to hearing any feedback or suggestions you have!

Best regards,

Alex Simons (Twitter: @Alex_A_Simons)

Director of PM

Active Directory Team