Summary

This app helps you obtain tokens and a client ID for testing REST APIs. If the Map Control doesn't render, check the console for errors. When this happens, it means access control hasn't been set for the principal trying to access the specified account.

Grant access by role assignments based on the Azure Maps accounts. Read more here.

You can use the Live Site troubleshooting OneNote to investigate why access is denied.

Server Token

A server token provides tokens to the map control without forcing a user login. This requires an endpoint that provides a Bearer token issued by AAD. The Map Control invokes this callback. However, this is the least secure way of securing the Web SDK map control. We recommend putting some form of protection on the endpoint that issues tokens. Options include IP control, throttling, dynamic HTML, OAuth 2.0, identity providers, a server-to-server proxy, or other options.
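
One way to apply the IP control and throttling options named above in front of the token endpoint, as an added example (not code from this sample app). The function and option names are hypothetical, and the addresses are constructed values from documentation ranges.

```javascript
// Added example: gate for a token-issuing endpoint (IP control + throttling).
// createTokenGate, allowedCidrs, maxPerWindow and windowMs are hypothetical names.

// Convert dotted IPv4 text to an unsigned integer, or null if malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

// True when ip falls inside a CIDR block such as "203.0.113.0/24".
function inCidr(ip, cidr) {
  const [base, bitsStr = "32"] = cidr.split("/");
  const bits = Number(bitsStr);
  const a = ipv4ToInt(ip), b = ipv4ToInt(base);
  if (a === null || b === null || !Number.isInteger(bits) || bits < 0 || bits > 32) return false;
  const size = 2 ** (32 - bits); // number of addresses covered by the prefix
  return Math.floor(a / size) === Math.floor(b / size);
}

function createTokenGate({ allowedCidrs, maxPerWindow, windowMs }) {
  const hits = new Map(); // ip -> timestamps of recently allowed requests
  return function check(ip, now = Date.now()) {
    // IP control: fail closed on malformed or unlisted addresses.
    if (!allowedCidrs.some((c) => inCidr(ip, c))) {
      return { allowed: false, status: 403, reason: "ip-not-allowed" };
    }
    // Throttling: sliding window per client address.
    const recent = (hits.get(ip) || []).filter((t) => now - t < windowMs);
    const throttled = recent.length >= maxPerWindow;
    if (!throttled) recent.push(now);
    hits.set(ip, recent);
    return throttled
      ? { allowed: false, status: 429, reason: "throttled" }
      : { allowed: true, status: 200, reason: "ok" };
  };
}

// Constructed usage: two token requests per second from one documentation range.
const demoGate = createTokenGate({ allowedCidrs: ["203.0.113.0/24"], maxPerWindow: 2, windowMs: 1000 });
console.log(demoGate("203.0.113.7", 0).status, demoGate("198.51.100.1", 0).status);
```

Call `check` with the connection's remote address before the endpoint returns a Bearer token. Behind a reverse proxy, take the address only from a header that your own proxy sets.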

User Token

Implicit Grant

A user token should be used to secure access to the map control when access must be controlled for particular users. This is an implementation of implicit grant (map control with ADAL.js) and uses an iframe to refresh the token.

Secure Map

This is the recommended way if using Azure AD in a production environment.

OpenID Connect

Users who access this page will be forced to authenticate to the web application's identity service. In this case we are using Azure AD's OpenID Connect to sign in to a web application. With this implementation, the user's session maintains a refresh token, which allows the server to silently acquire a new access token without forcing a login. This is considered more secure than the "User Token" page because it uses the OAuth 2.0 authorization code grant instead of implicit grant. However, this still requires an endpoint to retrieve the access token, but in this case the endpoint is secure from attackers.