Authorize a user, against Azure Active Directory, to perform an action in desktop application with C++

Christopher Pisz 1 Reputation point

Our project is written in C++.
We have an Azure Active Directory with registered users.

I've been tasked with creating and assigning roles, and then authorizing users of our desktop application to perform particular actions in the application.

My searches landed me on ADAL and MSAL, however both talk about getting tokens to use Web Apps and APIs. I don't have any web apps or APIs. I just want a user to be able to log in, the application to go fetch that user's role, and then allow or disallow that user to perform an action.

What is my path for this use case?
There are so many terms and acronyms in there. Am I to use MSAL or Microsoft identity or Graph?

Also, none of these libraries seem to support C++. What are some tactics I can use to still get the task done?

Microsoft Identity Manager
Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
608 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,414 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. 2020-12-21T20:42:24.98+00:00

    Hello, Microsoft Identity is a platform made up of serveral components, including libraries such as MSAL .NET. Using C++ you should be able to leverage it. For authorization you will need to retrieve an access token. Please take a look to Desktop and mobile public client apps samples for different scenarios.

    Please let me know if you need more help. If the answer was helpful to you, please accept it and, optionally, provide feedback so that other members in the community can benefit from it.

  2. Christopher Pisz 1 Reputation point

    Microsoft Identity Platform and Microsoft Graph both have http interfaces that will only require GETs and POSTs. I was able to use those along with the OAuth2 ROPC flow to get what I need.

    0 comments No comments