Matt Roberts

Reputation: 26897

Feed Azure OAuth access / refresh token to MSAL backend for caching

I've got a mobile app that uses a native OAuth flow via react-native-oauth (which makes use of an inAppBrowser) to complete the OAuth flow for iOS. When it's complete, I have the tokens and idToken natively.

What I'd like to do now is to pass these to my backend web server, so that I can kick-start some calendar sync process for this user. However, my backend is using MSAL.NET with a custom TokenCache, so it expects the tokens to be present in this cache. To achieve this on the web app, there is an OAuth flow baked into the web app that is hooked into this MSAL setup, and thus works:

// Hook the auth code up to the token cache, that will ensure it gets into the database (msal_token_cache)
TokenCache cache = new MsaldbTokenCache(userId, db).GetMsalCacheInstance();
ConfidentialClientApplication cca = new ConfidentialClientApplication(opts.ClientId,
    settings.Core.BaseUrl.UrlCombine(redirectUrl),
    new ClientCredential(opts.ClientSecret),
    cache,
    null);

AuthenticationResult result =
    await cca.AcquireTokenByAuthorizationCodeAsync(code, new[] {"Calendars.ReadWrite"});

I've no idea how to do this with my iOS-authed tokens. I can't allow the web server to acquire the tokens via auth code exchange since it was initiated in iOS...

Can anyone help?

Upvotes: 1

Views: 87

Answers (1)

Gary Archer

Reputation: 29291

I would design the solution to be architecturally separated so that it supports both web and mobile, which should work fine as long as both clients use the correct scopes for OAuth redirects:

  • A REST API triggers the calendar sync process for the user received in the access token
  • One client of the REST API is the back end of a web app - which uses MSAL.NET - and perhaps issues cookies to the browser
  • Another client of the REST API is the mobile app - which uses React Native OAuth

I would avoid aiming to mix the 2 clients together though. If the web back end requires auth cookies then the mobile client will not be able to provide them.

The back end for the mobile app needs to be a REST API endpoint and it's possible that the existing back end may need to be refactored a little, to separate web client concerns from API concerns.

Upvotes: 0
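
An added example, not code from the question or the answer: one way the REST API described in the answer could decide which user to sync for, by validating the bearer token and reading the user from its claims instead of trusting a user id sent by the client. It assumes the mobile app requests a token whose audience is this API (not Microsoft Graph) and uses the System.IdentityModel.Tokens.Jwt package. The issuer, audience, scope name, user id and locally generated RSA key are constructed placeholders; in production the signing keys come from the tenant's OpenID Connect metadata.

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using System.Linq;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.IdentityModel.Tokens;

static class CalendarSyncApi
{
    // Placeholders for this API's own app registration (assumed, not from the page).
    const string Issuer = "https://login.microsoftonline.com/TENANT_ID_PLACEHOLDER/v2.0";
    const string Audience = "api://calendar-sync-api-placeholder";
    const string RequiredScope = "Calendar.Sync"; // hypothetical scope exposed by this API

    // Returns the user id (oid claim) to sync for; throws if the token is not acceptable.
    public static string AuthorizeSyncRequest(string bearerToken, SecurityKey signingKey)
    {
        var handler = new JwtSecurityTokenHandler();
        handler.InboundClaimTypeMap.Clear(); // keep the short claim names (oid, scp)
        var parameters = new TokenValidationParameters
        {
            ValidIssuer = Issuer,          // rejects tokens minted by another tenant or issuer
            ValidAudience = Audience,      // rejects tokens issued for a different resource
            IssuerSigningKey = signingKey, // signature and lifetime are checked by default
            ClockSkew = TimeSpan.FromMinutes(2)
        };
        ClaimsPrincipal user = handler.ValidateToken(bearerToken, parameters, out _);

        // Delegated scopes arrive as one space-separated "scp" claim.
        var scopes = (user.FindFirst("scp")?.Value ?? "").Split(' ');
        if (!scopes.Contains(RequiredScope))
            throw new UnauthorizedAccessException("token lacks the required scope");
        return user.FindFirst("oid")?.Value
            ?? throw new UnauthorizedAccessException("token has no oid claim");
    }

    static void Main()
    {
        // Constructed sample token, signed with a throwaway key so the example runs offline.
        using var rsa = RSA.Create(2048);
        var key = new RsaSecurityKey(rsa);
        var jwt = new JwtSecurityToken(Issuer, Audience,
            new[] { new Claim("oid", "00000000-0000-0000-0000-000000000001"),
                    new Claim("scp", RequiredScope) },
            DateTime.UtcNow, DateTime.UtcNow.AddMinutes(5),
            new SigningCredentials(key, SecurityAlgorithms.RsaSha256));
        string token = new JwtSecurityTokenHandler().WriteToken(jwt);
        Console.WriteLine("start sync for user " + AuthorizeSyncRequest(token, key));
    }
}
```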
