Reputation: 1
I have a front-end Angular application and need to authenticate API calls using Azure AD B2C. My front-end SPA app is registered as a public client, and I want to authenticate and acquire tokens for API access without requiring the user to log in. I have tried different approaches but it's not working; as it is a public client we cannot use the client credentials flow or OAuth flow, as it cannot securely store creds.
I have already implemented the user authentication via the Angular front end using B2C and it works fine.
```typescript
import { Configuration, BrowserCacheLocation, LogLevel } from "@azure/msal-browser";

// Assumed helpers not shown in the original snippet: the B2C settings object
// and the IE detection flag that storeAuthStateInCookie is driven by.
const b2cConfigs = { logoutRedirectUri: "" };
const isIE =
  window.navigator.userAgent.indexOf("MSIE ") > -1 ||
  window.navigator.userAgent.indexOf("Trident/") > -1;

// Values left empty as in the original; fill them from the B2C app registration.
export const msalConfig: Configuration = {
  auth: {
    clientId: "",
    authority: "",
    knownAuthorities: [], // must be a string array of B2C hosts, e.g. "<tenant>.b2clogin.com"
    redirectUri: "",
    postLogoutRedirectUri: b2cConfigs.logoutRedirectUri,
  },
  cache: {
    cacheLocation: BrowserCacheLocation.LocalStorage,
    storeAuthStateInCookie: isIE,
  },
  system: {
    loggerOptions: {
      loggerCallback(logLevel: LogLevel, message: string) {},
      logLevel: LogLevel.Verbose,
      piiLoggingEnabled: false,
    },
  },
};
```
I am trying to authenticate a few APIs without user authentication from my front-end application, which is a public client.

**Tried the below ways already**

1. Checked whether we get any token after MSAL is initialized, using the default scope. Result: If we try to fetch a token without an active account, it errors out with the message: "No active account found." This confirms that an active user session is required for token acquisition.
2. Tried assigning Application Permissions for the SPA to allow backend API access. Result: Not supported for SPAs, as they are public clients and cannot use the client credentials flow. This is because SPAs cannot securely store secrets.
3. Assigned Delegated Permissions instead of Application Permissions. Result: It requires an active account to acquire an access token. It needs an authenticated user for this to work.
4. Tried using the default scope and client credentials from the front end. Result: Public clients (like SPAs) do not support the client credentials flow, so this approach does not work.
5. Proof Key for Code Exchange (PKCE). Result: It requires a user login to obtain an authorization code. It relies on the user's active session to authenticate and acquire a token.
Upvotes: 0
Views: 45
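The two states the question runs into (no active account, and silent acquisition for a signed-in user), as an added example that is not part of the original post. The MSAL client is modelled with a minimal interface so it runs without `@azure/msal-browser`; the `API_SCOPES` value and the account details are constructed placeholders.

```typescript
// Added example, not the question's code: the only token path a public-client
// SPA has with MSAL. The MSAL client is modelled by a minimal interface so the
// file runs without @azure/msal-browser; the real PublicClientApplication
// exposes methods of the same name and shape.
interface AccountInfo { homeAccountId: string; username: string }
interface MsalLike {
  getActiveAccount(): AccountInfo | null;
  acquireTokenSilent(req: { scopes: string[]; account: AccountInfo }): Promise<{ accessToken: string }>;
}

type TokenOutcome =
  | { kind: "token"; accessToken: string }
  | { kind: "login-required"; reason: string };

// Hypothetical B2C API scope; the real value is the scope the API app exposes.
const API_SCOPES = ["https://contoso.onmicrosoft.com/api/access"];

async function getApiToken(msal: MsalLike): Promise<TokenOutcome> {
  const account = msal.getActiveAccount();
  // The "No active account found" case from the question: a public client has
  // no credential of its own, so there is nothing to exchange for a token
  // until a user has signed in. The caller must start loginRedirect/loginPopup.
  if (!account) return { kind: "login-required", reason: "no active account" };
  try {
    const { accessToken } = await msal.acquireTokenSilent({ scopes: API_SCOPES, account });
    return { kind: "token", accessToken };
  } catch (err) {
    // MSAL throws InteractionRequiredAuthError when the cached session cannot
    // be renewed silently; again the only remedy is an interactive login.
    return { kind: "login-required", reason: (err as Error).message };
  }
}

// Constructed stand-ins for the two states the question hits.
const signedOut: MsalLike = {
  getActiveAccount: () => null,
  acquireTokenSilent: async () => { throw new Error("unreachable"); },
};
const signedIn: MsalLike = {
  getActiveAccount: () => ({ homeAccountId: "constructed-id", username: "user@example.com" }),
  acquireTokenSilent: async ({ account }) => ({ accessToken: `constructed-token-for-${account.username}` }),
};

getApiToken(signedOut).then((r) => console.log(r)); // { kind: "login-required", ... }
getApiToken(signedIn).then((r) => console.log(r));  // { kind: "token", ... }
```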