Kamil Serwata

Reputation: 21

Azure AD B2C Angular front + Django Backend

We need to create an application based on Angular and Django, with integration with Azure B2C AD.

So far we have done the Angular part: we make a request to Azure B2C, and when the user signs in, it returns to the Angular app with ?id_token. And there is our problem, because the frontend needs to communicate with our backend written in Django. We need to secure these connections and know who is making the request.

We want to create something like this:

angular->Azure B2C

Azure B2C->(with id_token)->angular

angular->Django(with id_token)->create session->angular(send session_key)

angular->Django(with session_key)->angular(with requested data)

And there is the problem: we don't know how to verify that the user has successfully signed in to Azure. (The part which I made italic.)

Upvotes: 2

Views: 1034

Answers (1)

NicoC

Reputation: 501

You should get an Authorization Code from AAD B2C and not a token, as the OAuth 2.0 authorization flow describes it.

So you should do:

Angular -> Azure B2C

Azure B2C -> (with auth code) -> Angular

Angular -> Django(with auth code) -> retrieve access_token and refresh_token

Angular -> Django Secured API (with access_token)

We just released our own implementation of Angular + AAD B2C (running on ASP.NET Core but the logic should be the same, you will only need to find the Django equivalent), if you want to see how to do it: https://github.com/3DSemantix/angular-asp.net-core-aad-b2c

Upvotes: 1
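
The third step of the flow in the answer above, where Django redeems the authorization code, as an added example in Python that is not part of the original answer or the linked repository. The tenant, policy, client ID, redirect URI and issuer values are placeholders, and the function names are hypothetical.

```python
import base64, json, time, urllib.parse, urllib.request

# Placeholders (assumptions): substitute your tenant, user flow and app registration.
TENANT = "contoso"
POLICY = "B2C_1_signin"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
REDIRECT_URI = "https://app.example/auth/callback"
ISSUER = "https://contoso.b2clogin.com/11111111-1111-1111-1111-111111111111/v2.0/"
TOKEN_URL = (f"https://{TENANT}.b2clogin.com/{TENANT}.onmicrosoft.com/"
             f"{POLICY}/oauth2/v2.0/token")


def build_token_request(code, client_secret):
    """Back-channel POST that redeems the one-time code; the secret never reaches Angular."""
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "client_secret": client_secret,
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in the authorize request
        "scope": f"openid offline_access {CLIENT_ID}",
    }).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST")


def redeem_code(code, client_secret):
    """Perform the exchange over TLS and return the parsed JSON token response."""
    with urllib.request.urlopen(build_token_request(code, client_secret), timeout=10) as r:
        return json.load(r)


def check_id_token_claims(token_response, now=None):
    """Check issuer, audience and expiry of the id_token in a token response.

    No signature check here: the token came straight from the token endpoint over TLS.
    A token handed over by the browser needs signature verification against the JWKS.
    """
    now = time.time() if now is None else now
    payload = token_response["id_token"].split(".")[1]
    claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token issued for another application")
    if claims.get("exp", 0) <= now:
        raise ValueError("token expired")
    return claims
```

In a Django view, `redeem_code` would be called with the `code` query parameter from the callback, and the `sub` claim returned by `check_id_token_claims` identifies the signed-in user.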
