How do I verify the token I receive from logging into my Angular App (Azure AD / MSAL) when making an API HTTP request to NodeJS?

Question

Currently where I am is this. I followed the Microsoft documentation to where a user can login to Angular front end via Azure Active Directory.

I followed this tutorial: https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-angular-auth-code

This then populate my local storage with various details including an idtoken and accesstoken.

My hope is to then send a token to my backend (NodeJS), and have it validate the token before executing the API and then sending back the result.

Previously I was able to do this with middleware and leveraging Cognito but I am being forced to switch to Azure AD for Auth.

Any help would be greatly appreciated as I am currently at a loss. Thank you.

What do you mean "before executing the API"? Is it azure API or your own? — yeya, Nov 30 '22 at 16:07

score 0 · Answer 1 · answered Nov 30 '22 at 16:09

0

Check this: https://www.npmjs.com/package/validate-azure-ad-token

I think this library made just for you

If you are using a @azure/msal-react or @azure/msal-browser on the frontend site and you just want to verify your Microsoft access token on your node server.

answered Nov 30 '22 at 16:09

yeya

1,968
1
21
31

I have tried that resource in the past but the documentation is very limited. I tried to implement it as middleware but I have only ever received the error: "The access token could not be decoded". I am not sure if I am setting the audience correctly. – user68288 Nov 30 '22 at 16:28
So you can do it yourself with https://www.npmjs.com/package/jsonwebtoken, or just try to use the token to get the client info from azure. – yeya Nov 30 '22 at 23:43

How do I verify the token I receive from logging into my Angular App (Azure AD / MSAL) when making an API HTTP request to NodeJS?

1 Answers1