从 React 到 Flask API 的 Azure AD 不记名令牌
[英]Azure AD bearer token from React to Flask API
问题描述
I've setup my project, ie I have created a front-end in React, and a back-end in Flask.
我已经设置了我的项目,即我在 React 中创建了一个前端,在 Flask 中创建了一个后端。
In my front-end I call my back-end with a post method with the following code:在我的前端,我使用带有以下代码的 post 方法调用我的后端:
function POST(path, data) {
return fetch(`${fetchUrl}${path}`,
{
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer ' + RequestAccessToken(),
},
body: JSON.stringify(data)
}
)
}
Where RequestTokenAccess() :其中RequestTokenAccess() :
const { instance, accounts, inProgress } = useMsal();
const [accessToken, setAccessToken] = useState(null);
const name = accounts[0] && accounts[0].name;
function RequestAccessToken() {
const request = {
...loginRequest,
account: accounts[0]
};
instance.acquireTokenSilent(request).then((response) => {
setAccessToken(response.accessToken);
}).catch((e) => {
instance.acquireTokenPopup(request).then((response) => {
setAccessToken(response.accessToken);
});
});
}
And then just the following to actually make the call to the back-end:然后只需执行以下操作即可实际调用后端:
const [data, setData] = useState()
function fetchData(e) {
e?.preventDefault();
POST('/my_app', { data: data }).then(
async (response) => {
const json = await response.json()
setData(json.return_data)
}
)
}
So for the front-end everything is working.所以对于前端来说,一切正常。 I can get a MS Login that authorizes me so I can actually se the front-end, and I can also get a token from the RequestAccessToken function, which is given as a header to the back-end call.我可以获得一个授权给我的 MS 登录,这样我就可以实际设置前端,我还可以从RequestAccessToken函数中获取一个令牌,该令牌作为后端调用的标头提供。 So everything seems to be set on the front-end part.所以一切似乎都设置在前端部分。 However, the back-end calls also need to be secure is my guess, but I am not sure how that works.但是,后端调用也需要安全是我的猜测,但我不确定它是如何工作的。
Basically my app.py file looks something like:基本上我的app.py文件看起来像:
from flask import Flask, request, jsonify
from my_app_func import MyAppFunc
app = Flask(__name__)
@app.post("/api/my_app")
def my_app():
data = request.json.get("data")
return_data = MyAppFunction(data)
return return_data
So basically, what do I need in order secure back-end calls ?所以基本上,为了安全的后端调用,我需要什么? I have the token as a Bearer Token in the post call.我在通话后将令牌作为不记名令牌。 But what is the next step ?但下一步是什么? What do I actually do with it ?我实际上用它做什么?
2 个解决方案
解决方案1
0 2022-04-13 05:42:15
You have to register another app on the portal azure and and give permissions to the api and configure that in the another app in portal azure .您必须在门户网站 azure 上注册另一个应用程序,并授予 api 权限并在门户网站 azure 的另一个应用程序中进行配置。 Try to do something in that space.尝试在那个空间做点什么。
解决方案2
0 2022-05-30 07:40:26
I also have the same question, but couldn't find answer.我也有同样的问题,但找不到答案。 Below is what works for me:以下是对我有用的:
If you want to validate the user from flask, you can send the token along with your request from react.如果您想从烧瓶中验证用户,您可以将令牌与您的请求一起从 react 发送。
Then within flask, validate the user by making a request to microsoft graph api.然后在烧瓶中,通过向 microsoft graph api 发出请求来验证用户。
Here is one example how to do this:这是一个如何执行此操作的示例:
https://github.com/Azure-Samples/ms-identity-python-flask-webapp-call-graph https://github.com/Azure-Samples/ms-identity-python-flask-webapp-call-graph
Another question for you is why you can directly concatenate RequestAccessToken() as a string?另一个问题是为什么可以直接将 RequestAccessToken() 连接为字符串? isn't it only call the setAccessToken?不是只调用setAccessToken吗? I ask because in my react app, I don't know how to export the token so that other function can use it.我问是因为在我的反应应用程序中,我不知道如何导出令牌以便其他功能可以使用它。 I ended up using the MSAL.js v2, not the one for react.我最终使用了 MSAL.js v2,而不是用于反应的那个。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.