0
votes

So I have been trying to get my Angular Spring authentication working for like 3 weeks now and I am totally stuck. Here is what I am trying to do:

I have an SSO Angular app, which uses the '@azure/msal-angular' dependency to authenticate and authorize against my Azure Active Directory. That part is working completely fine at this point.

In addition to my frontend, I have a Spring Boot backend application as a Web API. What I am trying to do is use the JWT tokens that my frontend got from the Azure authentication process to authenticate the REST call.

I am not sure what the correct authentication flow is from here on. I have seen these 3 example implementations, which are all different:

https://github.com/Azure-Samples/ms-identity-java-webapp

https://github.com/microsoft/azure-spring-boot/tree/master/azure-spring-boot-starters/azure-active-directory-spring-boot-starter

https://github.com/jdubois/spring-active-directory

Not one of these implementations worked for my backend. So the question is: What is the correct way to build this authentication flow? Is there a valid tutorial/example implementation that I have not seen yet?

1
Did you resolve your problem? I am wondering how to do the same working process. - Carlos Cruz

We did not end up with a good solution. What we did to make it work was to scrap the Spring authentication process and have it all work via the Azure configuration. That took like 2 weeks till it worked. Then we had the problem that we had another page that was supposed to be accessible unauthorized, so we had to hack that in there with an interceptor in the OAuth2 configuration that stops the request to specific sites and injects a key, not a very good solution as well. We ended up scrapping the backend and implementing it with C# and an identity server. - Marcus Lanvers

Thanks! I will follow these 2 tutorials: a) github.com/Azure/azure-sdk-for-java/blob/master/sdk/spring/… b) docs.microsoft.com/en-us/azure/developer/java/spring-framework/… in order to get an idea of what I can do, and then make a combined approach. - Carlos Cruz

1 Answer

0
votes

Here is my thought process on this problem statement.

Angular front-end app - This shall follow the PKCE authorization code flow to sign in users (Microsoft Identity JavaScript SPA approach). This app shall use the MSAL Browser library to implement the above auth code flow, and the link below provides details about this library with sample code on GitHub (MSAL Browser). You must pass the access token as an Authorization Bearer token to the back end to access the web API, and the access token will be validated as proposed in the approach below.

Spring Boot backend application - This back-end app serves APIs protected by Microsoft Identity, and it shall follow the approach proposed in this documentation: Microsoft Identity Web APIs Approach.
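
An added example, not part of the original question or answer: one way to have the Spring Boot API validate the bearer token that the Angular app obtained through MSAL, using Spring Security's OAuth2 resource server support. It assumes Spring Boot 3 with `spring-boot-starter-oauth2-resource-server` and v2.0 access tokens; `<TENANT_ID>`, `<API_CLIENT_ID>`, the class name and the `/public/**` path are placeholders.

```java
import java.util.List;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.core.DelegatingOAuth2TokenValidator;
import org.springframework.security.oauth2.core.OAuth2TokenValidator;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtClaimNames;
import org.springframework.security.oauth2.jwt.JwtClaimValidator;
import org.springframework.security.oauth2.jwt.JwtDecoder;
import org.springframework.security.oauth2.jwt.JwtDecoders;
import org.springframework.security.oauth2.jwt.JwtValidators;
import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ApiSecurityConfig {
    // Placeholders (assumptions): your tenant and the API's own app registration.
    private static final String ISSUER = "https://login.microsoftonline.com/<TENANT_ID>/v2.0";
    private static final String API_AUDIENCE = "<API_CLIENT_ID>";

    @Bean
    SecurityFilterChain apiChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/public/**").permitAll() // hypothetical open pages
                .anyRequest().authenticated())             // everything else needs a token
            // Stateless API: every request carries "Authorization: Bearer <token>".
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }

    @Bean
    JwtDecoder jwtDecoder() {
        // Signing keys are discovered from the issuer's OpenID Connect metadata.
        NimbusJwtDecoder decoder = (NimbusJwtDecoder) JwtDecoders.fromIssuerLocation(ISSUER);
        // Default checks: signature, expiry/not-before and exact issuer match.
        OAuth2TokenValidator<Jwt> issuerAndTime = JwtValidators.createDefaultWithIssuer(ISSUER);
        // Reject tokens that were issued for a different application.
        OAuth2TokenValidator<Jwt> audience = new JwtClaimValidator<List<String>>(
            JwtClaimNames.AUD, aud -> aud != null && aud.contains(API_AUDIENCE));
        decoder.setJwtValidator(new DelegatingOAuth2TokenValidator<>(issuerAndTime, audience));
        return decoder;
    }
}
```

The audience check matters because any token signed by the same tenant passes signature and issuer validation, including the ID token and access tokens the front end requested for other APIs; the Angular app has to request an access token for a scope exposed by the API's own app registration.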