0
votes

I am using the new msal.js for Single Page Applications (https://www.npmjs.com/package/@azure/msal-browser). The good news is I got it all working! So after logging in to azure ad I get redirected to my app with an access code and with that code msal is getting accesstoken/refreshtoken/idtoken from the azure code.

After this I am using the accesstoken to access my own web API that is hosted on my own on premise server. I am using spring boot in combination with azure-active-directory-spring-boot-starter. This all works fine too.

My question is: My server is contacting microsoft every time there is a request to the server.... why is this? It has got the JWT token from the request, the server knows clientid & client secret so why does it still needs to contact Microsoft? What is it doing/verifying? If I close the outgoing access to the Internet it is complaining "Couldn`t retrieve remote JWK set: connect timed out". So it looks like it is mandatory...

Could anybody explain how this is working? Beside this, does anybody know what range of ports need to be opened to microsoft?

Thanks in advance for your help!

Regards,

Peter

1

1 Answers