BlackBerry Spark Communications Platform Guide

Example: Azure Identity Management

The BlackBerry Infrastructure can authenticate a user with Azure Active Directory. If your users already sign in to your app using Azure Active Directory, you can easily extend the implementation to allow the BlackBerry Infrastructure to use Azure Active Directory for access and identity management.

Authenticating Spark Users with Azure Active Directory

Azure Active Directory supports JSON Web Tokens (JWT). Your app needs to pass the JWT access token along with the user ID to the Spark SDK so that the user is authenticated against your Azure Active Directory. Your app can parse the JWT access token returned from the Azure authentication service to get the Active Directory user ID and other information.

In Microsoft Azure, each access token must be used for a specific resource. The scope parameter sent in the authentication request can contain multiple permissions, but all the permissions must be for the same resource. The access token that is used with the Spark SDK must not be used for other resources such as the Microsoft Graph API.
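The following added example (not BlackBerry's code) shows a client-side pre-flight check that parses the access token, confirms it was issued for the Spark Web API rather than Microsoft Graph, and extracts the user ID. It assumes the `oid` claim is the Active Directory user ID; the function names are hypothetical, and the audience and scope passed in are whatever your own Web API registration defines.

```javascript
// Added example: client-side pre-flight check of an Azure AD access token.
// It decodes claims only and does NOT verify the signature.
const GRAPH_AUDIENCES = [
  'https://graph.microsoft.com',
  '00000003-0000-0000-c000-000000000000', // Microsoft Graph application ID
];

function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// expectedAudience and requiredScope come from your own Web API registration.
function checkSparkToken(jwt, expectedAudience, requiredScope,
                         nowSeconds = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'not a three-part JWT' };
  let claims;
  try {
    claims = decodeSegment(parts[1]);
  } catch (err) {
    return { ok: false, reason: 'payload is not base64url-encoded JSON' };
  }
  if (claims === null || typeof claims !== 'object') {
    return { ok: false, reason: 'payload is not a JSON object' };
  }
  const aud = String(claims.aud || '').replace(/\/$/, '');
  if (GRAPH_AUDIENCES.includes(aud)) {
    return { ok: false, reason: 'token was issued for Microsoft Graph' };
  }
  if (aud !== expectedAudience) return { ok: false, reason: 'audience mismatch' };
  if (!String(claims.scp || '').split(' ').includes(requiredScope)) {
    return { ok: false, reason: 'required scope missing' };
  }
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) {
    return { ok: false, reason: 'token expired' };
  }
  if (!claims.oid) return { ok: false, reason: 'no oid claim' };
  return { ok: true, userId: claims.oid }; // assumption: oid is the user ID
}

// Builds a constructed, unsigned sample token for exercising the check.
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.constructed-signature`;
}
```

Because the signature is not checked here, treat the result as a way to catch a wrong-resource or expired token early, not as authentication; validation of the token happens on the Spark servers.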

Configure Azure for Spark

To use Azure Active Directory for authenticating a user with Spark, follow the steps in the section below to register a Web API with a scope defining the permission to use Spark. This allows the Spark servers to validate the access token that your app received from the Azure Active Directory authentication service.

Note: These instructions assume your app will use the Azure Active Directory v2.0 authentication API.

App Registration

From the Azure Application Registration Portal, add a new app.

Add a Permission Scope for Spark

Continuing in the Azure Application Registration Portal, add a permission scope for Spark.

Azure Portal

Configure the Spark Domain

Modifying an example app to use Azure Active Directory

The Spark example applications can be set up to use Azure Active Directory for Identity Management.