I am trying to test Office365 authentication,...

(Keith Lehman) #1

I am trying to test Office365 authentication, but keep getting the error

login.microsoftonline.com refused to connect”. The error occurs if I try to authenticate as anyone other than myself (even though the authenticated user is on the whitelist). Does the 365 authentication require that the application be deployed first?

(Dinh Nguyen Nguyen) #2

@Keith_Lehman Hi Keith, you said that you attempted to authenticate as other users. Do you actually have the required credentials (username/email, and password) to log into these Microsoft accounts? If not, Microsoft will not allow you to log in.

Adding these users to the app’s white list simply means that you’re giving these users permission to access your app. It does not mean that you can log into their Office365 accounts through AppSheet.

(Keith Lehman) #3

@Harry

Yes, I have the required credentials. The accounts that I am testing are test accounts that I’ve set up as part of our Office365 subscription. AppSheet makes an initial attempt to authenticate with Office365, and gets as far as requesting the username, but then fails with the message.

(Praveen Seshadri (AppSheet)) #4

No, there is no such requirement. Are you using a login.microsoftonline.com - Sign in to your account account or is it a corporate Office365 account? Sign in to your account login.microsoftonline.com

(Keith Lehman) #5

@praveen It’s a corporate Office365 account. I’ve tested with Chrome and Edge, and both inside of a DIV and directly as a new tab. Interestingly, sometimes if I close and re-open the browser the app appears to be active - I can add new records but can not see any of the records in the database unless I log into AppSheet and edit the app.

(Praveen Seshadri (AppSheet)) #6

Keith, could you please send in the details to support@appsheet.com

— we’ll need to take a closer look. Thanks

(Keith Lehman) #7

@praveen : I believe I found the issue. It looks as though Microsoft (or perhaps AppSheet) is setting X-Frame-Options to deny on the second authentication step (request user password). We wanted to embed the full screen AppSheet view into a third party dashboard. We’ll have to use the next best thing instead. (Not sure what that is yet.)

Thanks for the help.

  • Keith
(Keith Lehman) #8

@Keith_Lehman If I first authenticate outside of the dashboard, it works find (whatever authentication token MSFT is using is valid across tabs.)It simply can’t make it through the authentication process if it is inside of a frame. We’ll look into using Office 365 authentication for the entire portal, perhaps that will solve the issue.

(Praveen Seshadri (AppSheet)) #9

Yes, that’s right. Google as well as Microsoft do not allow authentication inside an iframe. This is because of security concerns (a rogue site could embed another page within it via an iframe and then get access to the information inside the iframe).