Api-App Authentication from web-app

Question

I have a Api-App hosted on Azure. I have another existing JavaScript web app client. In the web-app client I am using external login providers like goolge and Facebook login and storing the respective access tokens.

After reading the articles on how to authenticate Api-App using Azure AD, or Facebook, I understand that while calling the Api-App service I just need to add 'x-zumo-auth' and its corresponding value to the request header and that will do the magic.

Now my question is how can I reuse the access tokens as already acquired in my web-app client, in calling the Api-App service without again making a separate call to http://[gatewayurl]/login/[providername]?

Answer 1

Here is sample code that retrieves an Azure AD token and exchanges it for a Zumo token without going through a gateway login:

public async Task<AppServiceClient> GetAppServiceClient()
{
    var appServiceClient = new AppServiceClient(GATEWAY_URL);
    string userObjectID = ClaimsPrincipal.Current.FindFirst
        ("http://schemas.microsoft.com/identity/claims/objectidentifier").Value;

    var authContext = new AuthenticationContext
        (ConfigHelper.Authority, new TokenDbCache(userObjectID));

    ClientCredential credential = new ClientCredential
        (ConfigHelper.ClientId, ConfigHelper.AppKey);

    // Get the AAD token.
    AuthenticationResult result = authContext.AcquireToken(APP_ID_URI, credential);
    var aadToken = new JObject();
    aadToken["access_token"] = result.AccessToken;

    // Send the AAD token to the gateway and get a Zumo token
    var appServiceUser = await appServiceClient.LoginAsync
        ("aad", aadToken).ConfigureAwait(false);

    return appServiceClient;
}

For a step-by-step tutorial that goes through modifying and testing a web app that uses AAD, see Call an Azure API app from a web app client authenticated by Azure Active Directory.