Enabling Federated Identity in Phone Applications
version = 16jul14

The fedid phone project scaffolding nuget package supports the following three user stories, managing persistence of issued tokens in all cases and surfacing of claims in client for stories 2 & 3.
1.  As a phone app developer I want to enable signin for an o365 [ spo, crm, yammer ] tenant token so that i can call the service endpoints it exposes.
2.  As a phone app developer I want to enable signin for an azure web role token so that i can call the service endpoints it exposes.
3.  As a phone app developer I want to enable signin for an on-premises listener and azure service bus relay endpoint token, or other client composition combinations, so that i can call the service endpoints they expose.

/*** note - this nuget package was created as an interim solution while we awaited the azure active directory [aad] product group's [pg] active directory authentication library [adal] for wp apps nuget package story for oauth token acquisitions and related housekeeping. You should be using that aad pg fully supported story wherever you can. For scenarios it covers and associated samples see http://aka.ms/aadScenarios and http://aka.ms/aadSamples . ***/
The following steps outline how you use it:
1.  if you don’t have the visual studio nuget package manager extension installed use http://nuget.org/ | install nuget to add it.  
2.  with your phone project selected open the package manager console enter "Install-Package FedId.Phone.Project.Scaffolding -version" or from the manage nuget packages dialog search for and install the "fedid phone project scaffolding" nuget package.  The latter option only works if you have domain credentials and have added https://ms-nuget.cloudapp.net/api/v2/ feed entry to tools | package manager | settings | sources.  The current package drops target wp8 and wp81 silverlight project usage.  As noted above for wp81 universal project support see the pg's adal for wp81 package.  If you need wp7 project support you'll need to pull the drop.
3.  in your phone project add code excerpt below or use nuget package provided code snippet "wpFedIdSignIn<tab><tab>" to add boilerplate token validity check and signin call code to your MainPage_Loaded(object sender, RoutedEventArgs e) implementation just in front of view model data load calls, e.g. if (!App.ViewModel.IsDataLoaded)
4.  in your phone project use nuget package provided code snippet "wpFedIdSessionCookieHeaderAttach" or "wpFedIdSessionCookieContainerAttach" or "wpFedIdAuthorizationHeaderAttach" to attached signin acquired session token, or saml/swt security token to rest or soap service calls.
note - the SignInAsync and SignOutAsync calls have to execute on the UI thread so if you are trying to execute from an event handler executing on a background thread wrap these call inside a Dispatcher.BeginInvoke(() => { . . . } anonymous delegate.  
example solution is available here, see PhoneApp1/PhoneApp2/PhoneApp3 MainPage.xml.cs | MainPage_Loaded(), SignOut() and ViewModels\MainViewModel.cs | LoadData().
example project code excerpts
private async void MainPage_Loaded(object sender, RoutedEventArgs e)
    if (!FedId.Instance.IsSecurityTokenValid())
        await FedId.Instance.SignInAsync("<oauth aad/adfs or wsfed acs or wsfed adfs signin params>");
        var rawToken = FedId.Instance.SecurityToken.RawToken;  // in case of oauth token acquisition
        var sessionCookieHeader = FedId.Instance.SecurityToken.SessionCookieHeader;  // in case of legacy session token cookie acquisition
        var claims = FedId.Instance.SecurityToken.Claims;  // usable for UI elements but signature not verifiable so don't use for client side authZ
    if (!App.ViewModel.IsDataLoaded)
public void LoadData()
    // call service attaching FedId.Instance.SecurityToken.RawToken or .SessionCookieHeader
private async void SignOut_Click(object sender, EventArgs e)
    /* if (FedId.Instance.IsSecurityTokenValid()) */ await FedId.Instance.SignOutAsync();
miscellaneous notes
- The corresponding symbols and sources for the assemblies provided by this nuget package are being published on //symbolsource.org/.  This enables f11 step into debugging support that allows you to delve deeper into any of the routines this package provides.  For details on how to enable f11 step into debugging support see the post "Debugging NuGet Packages using SymbolSource".  To optimize that experience i recommend using the "only specified modules" option and entering the names of the assemblies provided in nuget package that you want to debug thru.  You should also see the debug and test of modern applications link below as this typically enables determining the root cause of signin failures very quickly.
- If you read this then you may find the posts "Debug and Test of Modern Applications", "Enabling Federated Identity in Web Applications"  and "Enabling Federated Identity in WinRT Applications" also of interest.
- For details on how to publish your app in the internal sccm/intune environment, so it can be discovered and installed using company portal application, visit the it dev center.