Question
I'm creating a web service that contains authentication (no identity), and I protected the APIs with JWT (the token is returned when the user logs in or registers by email, password, name, etc.), but I also have a Microsoft login/register using MSAL, and I also created an Azure App. How do I validate the login with Microsoft to return the JWT, or how could I implement the API authorization using both JWT and Azure AD?
Answer 1:
You have currently registered an Azure application; you can set it as a client application. Then you need to create a back-end application representing the API, let the user log in to your client application to complete authorization and obtain an access token, and finally use the access token to call the API application.
The operation process is as follows:
First expose the API of the back-end application and add the client application.
Next, under 'API permissions', give your front-end application access to your backend API:
- Under 'API permissions' click on 'Add permission', then click on the 'My APIs' tab.
- Find your backend application and select the appropriate scope.
- Click 'Add permissions'.
- Grant admin consent for your APIs.
Next, you need to use the auth code flow to obtain an access token, which requires you to log the user in and obtain the authorization code, and then use the authorization code to redeem the access token.
Parse the token:
Finally, you can use the token to call the API.
The complete sample is for your reference.
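One way to have the API accept both the service's own JWT and the Azure AD access token described above, as an added example that is not part of the original answer: two JwtBearer schemes plus a policy scheme that routes each request by the token's issuer. The class, method, scheme and parameter names are hypothetical, and it assumes the `Microsoft.AspNetCore.Authentication.JwtBearer` package and a back-end app registration that issues v2.0 tokens (so `aud` is the API's client ID).

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Text;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Net.Http.Headers;

public static class DualJwtAuthExtensions
{
    // Hypothetical helper; every argument is a placeholder supplied from configuration.
    public static IServiceCollection AddLocalAndAzureAdJwt(
        this IServiceCollection services, string localIssuer, string localAudience,
        string localSigningKey, string tenantId, string apiClientId)
    {
        var aadIssuer = $"https://login.microsoftonline.com/{tenantId}/v2.0";
        services.AddAuthentication("LocalOrAzureAd")
            .AddJwtBearer("Local", o => // tokens minted by this service at login/register
            {
                o.TokenValidationParameters = new TokenValidationParameters
                {
                    ValidIssuer = localIssuer,
                    ValidAudience = localAudience,
                    IssuerSigningKey = new SymmetricSecurityKey(
                        Encoding.UTF8.GetBytes(localSigningKey)),
                    ValidateIssuerSigningKey = true, ValidateLifetime = true
                };
            })
            .AddJwtBearer("AzureAd", o => // signing keys come from the tenant's metadata
            {
                o.Authority = aadIssuer;
                o.Audience = apiClientId;
            })
            .AddPolicyScheme("LocalOrAzureAd", "Local JWT or Azure AD", o =>
            {
                // The issuer is read before validation and only picks the handler;
                // the chosen handler still checks signature, issuer, audience, expiry.
                o.ForwardDefaultSelector = ctx =>
                {
                    string header = ctx.Request.Headers[HeaderNames.Authorization];
                    if (header?.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase) != true)
                        return "Local";
                    var raw = header.Substring("Bearer ".Length).Trim();
                    var handler = new JwtSecurityTokenHandler();
                    if (!handler.CanReadToken(raw)) return "Local"; // malformed: rejected there
                    return handler.ReadJwtToken(raw).Issuer == aadIssuer ? "AzureAd" : "Local";
                };
            });
        return services;
    }
}
```

Call it from `ConfigureServices`, and keep `app.UseAuthentication()` before `app.UseAuthorization()` in `Configure` so `[Authorize]` uses the combined default scheme.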
Source: https://stackoverflow.com/questions/65800504/is-there-a-way-to-authorize-net-core-3-0-apis-with-jwt-and-also-azure-ad-tokens