I implemented a test Windows application based on the official manual: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/application-proxy-configure-native-client-application
The following code is the result:
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.Identity.Client;

class Program
{
    // Placeholders, as in the post: fill in from the native-app and App Proxy app registrations
    const string NativeAppClientId = "Native App Client Id";
    const string TenantId = "My Tenant ID";
    const string AppProxyAppIdUri = "APP Proxy Uri";       // identifier part of api://.../user_impersonation
    const string AppProxyBaseUrl = "App Proxy based URL";  // the https://....msappproxy.net address

    static async Task Main()
    {
        IPublicClientApplication clientApp = PublicClientApplicationBuilder
            .Create(NativeAppClientId)
            .WithRedirectUri("http://localhost")
            .WithAuthority("https://login.microsoftonline.com/" + TenantId)
            .Build();
        // Scope of the App Proxy application, as given in the linked manual
        string[] scopes = { "api://" + AppProxyAppIdUri + "/user_impersonation" };
        AuthenticationResult authResult = null;
        var accounts = await clientApp.GetAccountsAsync();
        IAccount account = accounts.FirstOrDefault();
        try
        {
            authResult = await clientApp.AcquireTokenSilent(scopes, account).ExecuteAsync(); // cached token, if any
        }
        catch (MsalUiRequiredException)
        {
            authResult = await clientApp.AcquireTokenInteractive(scopes).ExecuteAsync(); // otherwise prompt the user
        }
        if (authResult != null)
        {
            using HttpClient httpClient = new HttpClient();
            httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
            HttpResponseMessage response = await httpClient.GetAsync(AppProxyBaseUrl + "/api/values");
            Console.WriteLine(response.StatusCode);
        }
    }
}
Everything works fine until the HTTP request with the token; it is being redirected to login.microsoftonline.com. Error:
Redirect URI to login.microsoft.com: {https://login.microsoftonline.com/9966XXXXXXXXXXXXXXXXXXXXXXXX/oauth2/authorize?response_type=code&client_id=XXXXXXXXXXXX&scope=openid&nonce=983XXXXXXXXXXXXXX&redirect_uri=https:%2f%2fXXXXXXX.msappproxy.net%2f&state=AppProxyState:{"InvalidTokenRetry":true%2c"IsMsofba":false%2c"OriginalRawUrl":"https:%5c%2f%5c%2fXXXXXXXXXXXXXXX.msappproxy.net%5c%2fapi%5c%2fvalues"%2c"RequestProfileId":"XXXXXXXXX"}%23EndOfStateParam%23&client-request-id=XXXXXXXX}
Any ideas what's wrong? Browser access works just fine; also, the JWT token is fully valid and is being passed correctly.
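As an added diagnostic, not part of the original post or of Microsoft's sample, the following C# makes the two facts visible that the post asserts but does not show: what the acquired token actually carries in its aud, scp and tid claims (decoded from the payload without any signature verification, so only for inspection), and what the App Proxy endpoint returns when HttpClient is told not to follow redirects, so the 302 and its Location header appear as such instead of the sign-in page being fetched. The class and method names (AppProxyTokenDiagnostics, DecodePayload, PrintClaims, ProbeAsync) and the expected-audience argument are assumptions made for this example.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text.Json;
using System.Threading.Tasks;

static class AppProxyTokenDiagnostics
{
    // Decode the JWT payload only. No signature check: this inspects claims locally
    // and must never be used to decide whether to trust a token.
    public static Dictionary<string, string> DecodePayload(string jwt)
    {
        string[] parts = jwt.Split('.');
        if (parts.Length != 3) throw new ArgumentException("not a compact JWS (expected 3 dot-separated parts)");
        string b64 = parts[1].Replace('-', '+').Replace('_', '/');        // base64url -> base64
        b64 = b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='); // restore stripped padding
        var claims = new Dictionary<string, string>();
        using JsonDocument doc = JsonDocument.Parse(Convert.FromBase64String(b64));
        foreach (JsonProperty p in doc.RootElement.EnumerateObject())
            claims[p.Name] = p.Value.ToString();   // arrays/objects come back as raw JSON text
        return claims;
    }

    // Print the claims relevant to App Proxy pre-authentication. expectedAudience is an
    // assumption for this example: the identifier of the App Proxy application the scope
    // was requested for (the "api://..." App ID URI from the scope, or that application's ID).
    public static bool PrintClaims(string accessToken, string expectedAudience)
    {
        Dictionary<string, string> claims = DecodePayload(accessToken);
        foreach (string name in new[] { "aud", "scp", "tid", "appid", "ver", "exp" })
            Console.WriteLine($"{name} = {(claims.TryGetValue(name, out string v) ? v : "<absent>")}");
        bool audOk = claims.TryGetValue("aud", out string aud) && aud == expectedAudience;
        Console.WriteLine(audOk ? "aud matches expected audience" : "aud does NOT match expected audience");
        return audOk;
    }

    // Send the request with auto-redirect off so a 302 to login.microsoftonline.com shows up
    // as a 302 with a Location header instead of being followed to the sign-in page.
    public static async Task<HttpResponseMessage> ProbeAsync(string url, string accessToken)
    {
        var handler = new HttpClientHandler { AllowAutoRedirect = false };
        using var client = new HttpClient(handler);
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        HttpResponseMessage response = await client.GetAsync(url);
        Console.WriteLine($"HTTP {(int)response.StatusCode} {response.ReasonPhrase}");
        if (response.Headers.Location != null)
            Console.WriteLine("Location: " + response.Headers.Location);
        return response;
    }
}
```

Call `PrintClaims(authResult.AccessToken, "api://" + AppProxyAppIdUri)` and then `await ProbeAsync(AppProxyBaseUrl + "/api/values", authResult.AccessToken)` right after the token is acquired. The decoded claims can then be compared directly with the App Proxy application's identifier and the user_impersonation scope that was requested, and the probe shows the redirect (including the state parameter quoted in the post) without the Bearer request ever being replayed against login.microsoftonline.com.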