
Background

I'm currently using Azure Functions v3.0 and MSAL Angular v2.0

I set up my Azure function AD registration using the express setup.

Callbacks were added automatically for the function app; I've added a new one for the Angular SPA. Only the ID token flow is enabled.

The SPA logs in successfully and acquires a JWT bearer token.

Directly accessing the function app also results in a correct login, and returns a session cookie.

Question

The difficulty arises in trying to get the function app to accept the bearer token from the SPA app. Should this be possible, or do I need to somehow exchange the bearer token for a session token?

stevenrcfox
  • There's quite some documentation on that available. It's a bit old, but you could have a look at [Securing a REST API with Azure Active Directory](https://www.youtube.com/watch?v=6kxE2QqtkMc). – rickvdbosch Nov 02 '21 at 11:19
  • It should accept the bearer token as long as it is an access token that you acquired using a scope that you defined in the app registration's Expose an API tab. – juunas Nov 02 '21 at 11:25
  • @rickvdbosch saw that video. There's a lot of documentation on older versions of Functions, AD, MSAL, and using the implicit flow; very little on the newer flows. Also lots of differences in configs (default audience config etc.). – stevenrcfox Nov 02 '21 at 11:37
  • @juunas have added the scope, using the user_impersonation token. Not 100% confident that that's required with the express setup. When adding the permission, it looks like the AD registration is listed as the app rather than the underlying function app itself. – stevenrcfox Nov 02 '21 at 11:38
