
Based on this reading, the AuthorizeForScope tag in a controller will handle getting a new access token if there is an issue with the previous access token. This could be if the access token expires, or the cache of the server is cleared and the token was stored in cache, similar to the implementations shown in the default Azure AD sample code on GitHub for calling MS Graph. This does exactly what it should if you are doing full page redirects using the browser URL by accessing a GET controller in my MVC web app. However, if you are using a SPA like VueJS, we are not doing full page reloads but instead Axios requests. So if the controller has the AuthorizeForScope tag and the access token was cleared from cache, then the tag does what it is supposed to and creates a redirect for the new challenge to get the new access token. This redirect is returned to Axios as a redirect 302 error. I am able to intercept this event and convert this error to a 401 error and handle it on the front end by pushing the user to a custom login page with a button to do a new challenge manually. However, can this all be done without affecting the flow of the user experience? For example, can a new token be obtained without a full page redirect and handled on the web server despite having delegated permissions for my app?

OR is this not possible, and since the methods in my controllers do other stuff and not just use this token, should I just run a simple MS Graph function at the beginning of all of my methods in every controller to trip the error early to send that 401 error so they can hit the challenge button and get a new access token with an actual page redirect?

Irish Redneck
  • Can this link help you: [How to get Azure access token with Node js API using Axios](https://stackoverflow.com/questions/67009128/how-to-get-azure-access-token-with-node-js-api-using-axios)? – Chen Dec 29 '22 at 08:55
  • Unfortunately no because my app only has delegated permissions where that solution uses application based permissions. – Irish Redneck Dec 29 '22 at 17:25
  • Hi, can I understand your requirement as: when your Vue app is calling your MVC API, you want to make sure the access token is validated, and if not, redirect to the sign-in page automatically without adding any code? – Tiny Wang Jan 03 '23 at 04:42
  • Yes I want to make sure the access token is validated, if not it should retrieve a new token silently without needing to redirect the user (as this would cause a CORS conflict for a SPA calling an axios request for the controller). – Irish Redneck Jan 03 '23 at 14:20
  • You may take a look at [this sample](https://github.com/Azure-Samples/ms-identity-javascript-tutorial/blob/main/3-Authorization-II/1-call-api/SPA/App/authPopup.js#L107); it demonstrates an SPA calling an API, and you can see that when clicking the button to call the API, it generates an access token first and then uses it to call the API, so each request certainly has a valid/not expired token. If the sign-in information is expired, then I'm afraid the token-generate method should auto redirect to the sign-in page. You may test in your Vue code. – Tiny Wang Jan 04 '23 at 02:41

0 Answers
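
The client-side handling described in the question (treating the failed challenge as a 401 and sending the user through a full-page challenge), as an added example that is not part of the original post or its comments. It assumes the MVC app exposes a hypothetical `/auth/challenge` route taking a `returnUrl` parameter; `createApiClient`, `send`, `navigate` and `getCurrentPath` are illustrative names, and the return path is validated so the parameter cannot be used as an open redirect.

```javascript
// Added example, not code from the post. Assumption: CHALLENGE_PATH is a
// hypothetical GET route in the MVC app that runs the interactive challenge
// as a full-page navigation and then returns the user to returnUrl.
const CHALLENGE_PATH = "/auth/challenge";

// Accept only same-site relative paths as the post-login return target,
// so returnUrl cannot be abused as an open redirect.
function safeReturnPath(path) {
  if (typeof path !== "string") return "/";
  if (!path.startsWith("/") || path.startsWith("//") || path.includes("\\")) return "/";
  return path;
}

function challengeUrl(currentPath) {
  return CHALLENGE_PATH + "?returnUrl=" + encodeURIComponent(safeReturnPath(currentPath));
}

// Re-authentication is needed when the server answered 401, or when a fetch
// made with redirect: "manual" received the 302 challenge as an opaque redirect.
function needsReauth(response) {
  return response.status === 401 || response.type === "opaqueredirect";
}

// send: any HTTP function resolving to an object with status (and optionally type).
// navigate: injected so the logic runs outside a browser; in the SPA it would
// be (url) => window.location.assign(url).
function createApiClient(send, navigate, getCurrentPath) {
  let redirecting = false; // parallel failing calls must trigger one navigation only
  return async function call(request) {
    const response = await send(request);
    if (!needsReauth(response)) return { ok: true, response };
    if (!redirecting) {
      redirecting = true;
      navigate(challengeUrl(getCurrentPath()));
    }
    return { ok: false, reason: "reauth" };
  };
}
```
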