Both my Frontend and Backend(Azure Functions) are secured by Azure Active Directory(AAD).
Frontend: I have implemented MSAL in Angular the way its described here: (https://www.pshul.com/2020/02/07/azure-ad-authentication-from-angular-to-azure-functions/). Now, when opening my Angular Webpage, i get redirected to a Microsoft Login, which only accepts correct users and accounts, which seem to work.
Backend: My backend endpoints do not allow requests without a valid id_token from an registered Account. All requests with an invalid token will result in a 401 (Unauthorized) error, which also seems to work.
The problem lies in calling backend functions from my frontend, or rather in getting an id_token: When i have logged in in the frontend like i have described above, i want to store the id_token and have my intercepter send it with every request, so i dont need an additional login every request. In the link I mentioned this seemed to be handled by MSAL and MSALInterceptor, which didnt work for me (it didnt send any bearer token to the backend), so I had my own interceptor grab the token from the localStorage. The problem is, that the token from the localStorage also results in a 401 Error, so it seems to be invalid. When i am not misunderstanding, when logging in, it calls the login and gets an id-token from https://MyAzureWebPage/.auth/me, which it stores in the local storage, but that token doesnt work. When calling https://MyAzureWebPage/.auth/me manually and using that id_token with postman, it works. Does anybody know what im doing wrong or where i can get the correct id_token?
Here is my MSAL configuration, maybe im doing something wrong there:
MsalModule.forRoot({
auth: {
clientId: 'myCliendAdd',
authority: "https://login.microsoftonline.com/myTenantID",
},
cache: {
cacheLocation: 'localStorage',
storeAuthStateInCookie: isIE, // Set to true for Internet Explorer 11
},
},
{
popUp: !isIE,
consentScopes: [
'user.read',
'openid',
'profile',
],
unprotectedResources: [],
protectedResourceMap: [
['https://MyAzureWebPage/.auth/me', ['user.read']]
],
extraQueryParameters: {}
}),
providers: [
AuthGuard,
RoleGuard,
{ provide: HTTP_INTERCEPTORS, useClass: MsalInterceptor, multi: true }
],
bootstrap: [AppComponent],
})
For some reason, the token i get from the msal (example:
this.broadcastService.subscribe("msal:acquireTokenSuccess", payload => {
console.log(payload)
});
and from the localStorage is different from the token i get when i call https://MyAzureWebPage/.auth/me, which is the only one which seems to work
If you need any further information I will add it here
