Authorize a user, against Azure Active Directory, to perform an action in desktop application with C++

Question

Our project is written in C++.
We have an Azure Active Directory with registered users.

I've been tasked with creating and assigning roles, and then authorizing users of our desktop application to perform particular actions in the application.

My searches landed me on ADAL and MSAL, however both talk about getting tokens to use Web Apps and APIs. I don't have any web apps or APIs. I just want a user to be able to log in, the application to go fetch that user's role, and then allow or disallow that user to perform an action.

What is my path for this use case?
There are so many terms and acronyms in there. Am I to use MSAL or Microsoft identity or Graph?

Also, none of these libraries seem to support C++. What are some tactics I can use to still get the task done?

Answer 1

Hello, Microsoft Identity is a platform made up of serveral components, including libraries such as MSAL .NET. Using C++ you should be able to leverage it. For authorization you will need to retrieve an access token. Please take a look to Desktop and mobile public client apps samples for different scenarios.

Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

Answer 2

Microsoft Identity Platform and Microsoft Graph both have http interfaces that will only require GETs and POSTs. I was able to use those along with the OAuth2 ROPC flow to get what I need.