Microsoft Graph Auth on HoloLens–Device Code Flow


I was working with a sample that I had previously written using the Microsoft Auth Library, which was originally used as an example of delegated auth on HoloLens, but I recently extended the sample to also show ‘device code flow’, which you can see in the OAuth 2.0 spec here: https://oauth.net/2/grant-types/device-code/. This flow allows the auth to happen on a second device, which may be more convenient if typing passwords or codes is required on a HoloLens device, given that the keyboard uses a gaze + air-tap input mechanism.

The video shows the device code flow in action using a HoloLens and a mobile phone as the second device.

So, I select the ‘code flow’ option by gazing and air-tapping (voice commands are also available). The flow is initiated by a call to AcquireTokenWithDeviceCodeAsync which is a method on the PublicClientApplication type from the MSAL library.

    res.res = await app.AcquireTokenWithDeviceCodeAsync(scopes, string.Empty,
        deviceCodeCallback =>
        {
            // The callback message tells the user where to go to sign in using a separate
            // browser and the code to enter once they sign in. Here it is handed to the
            // app thread so that the UI can display it.
            // The AcquireTokenWithDeviceCodeAsync() method will poll the server after firing this
            // device code callback to look for the successful login of the user via that browser.
            // This background polling (whose interval and timeout data is also provided as fields in the
            // deviceCodeCallback class) will occur until:
            // * The user has successfully logged in via browser and entered the proper code
            // * The timeout specified by the server for the lifetime of this code (typically ~15 minutes) has been reached
            // * The developing application calls the Cancel() method on a CancellationToken sent into the method.
            //   If this occurs, an OperationCanceledException will be thrown (see catch below for more details).
            UnityEngine.WSA.Application.InvokeOnAppThread(() =>
            {
                tempStatusText = deviceCodeCallback.Message;
                set = true;
            }, true);
            return Task.FromResult(0);
        },
        CancellationToken.None).ConfigureAwait(true);

The UI then shows a URL and a code. On my phone (or other device) I navigate to the URL in a browser and type in the code. I can then authenticate with my work account credentials and a token is returned to my app so I can use that in a call to the Microsoft Graph API to retrieve emails, which I then display when clicking on the envelope models on the left.
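The polling that the comments in the snippet above describe can be sketched as a stand-alone console program. This is an added example, not code from the sample or from MSAL: `DeviceCodePolling` and `PollAsync` are hypothetical names, the token endpoint is simulated by a delegate with constructed replies, and the error strings are those defined for the OAuth 2.0 Device Authorization Grant (RFC 8628). It also bounds the wait with a `CancellationTokenSource` rather than `CancellationToken.None`.

```csharp
using System;
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;

static class DeviceCodePolling // hypothetical name, not part of MSAL or the sample
{
    // Polls a token endpoint using the RFC 8628 error codes. The endpoint is a
    // delegate returning (error, token) so the example runs offline.
    public static async Task<string> PollAsync(
        Func<Task<(string error, string token)>> tokenEndpoint,
        TimeSpan interval, TimeSpan expiresIn, CancellationToken ct)
    {
        var deadline = DateTime.UtcNow + expiresIn;
        while (DateTime.UtcNow < deadline)
        {
            // Throws an OperationCanceledException as soon as ct is cancelled.
            await Task.Delay(interval, ct);
            var (error, token) = await tokenEndpoint();
            switch (error)
            {
                case null: return token;                      // user finished signing in
                case "authorization_pending": break;          // keep waiting
                case "slow_down":                             // server asks for 5 s more between polls
                    interval += TimeSpan.FromSeconds(5); break;
                case "access_denied":
                    throw new UnauthorizedAccessException("User declined the request.");
                case "expired_token":
                    throw new TimeoutException("Device code expired.");
                default:
                    throw new InvalidOperationException("Unexpected error: " + error);
            }
        }
        throw new TimeoutException("Device code lifetime elapsed.");
    }

    static async Task Main()
    {
        // Constructed replies standing in for a real token endpoint.
        var replies = new Queue<(string, string)>(new[] {
            ("authorization_pending", (string)null),
            ("slow_down", (string)null),
            ((string)null, "constructed-access-token") });
        // Cap the wait from the app side instead of passing CancellationToken.None.
        using var cts = new CancellationTokenSource(TimeSpan.FromSeconds(30));
        string token = await PollAsync(() => Task.FromResult(replies.Dequeue()),
            TimeSpan.FromMilliseconds(100), TimeSpan.FromSeconds(20), cts.Token);
        Console.WriteLine(token);
    }
}
```

With the constructed replies the program waits roughly five seconds, because the `slow_down` reply lengthens the polling interval, and then prints the constructed token.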

The repo for this sample can be found here
