堆栈内存溢出
  简体   繁体   English

有谁知道如何使用 Azure Active Directory 和 React SPA 设置 OpenIdConnect Auth 而不在浏览器中存储访问令牌

[英]Does anyone know how to set up OpenIdConnect Auth using Azure Active Directory and React SPA without storing access token in the broswer

 原文  2022-05-24 17:25:39       reactjs/ .net-core/ azure-active-directory/ single-page-application/ openid-connect

问题描述

I am trying to build an app where users can sign in using their work Microsoft account through open id connect.我正在尝试构建一个应用程序,用户可以在其中通过 open id connect 使用他们的工作 Microsoft 帐户登录。 All of the documentation on Microsoft seems to suggest that for React/SPA apps you should use the MSAL library to authenticate users but this seems to cache the access tokens directly in the brower through session storage. Microsoft 上的所有文档似乎都建议,对于 React/SPA 应用程序,您应该使用 MSAL 库来验证用户身份,但这似乎通过会话存储将访问令牌直接缓存在浏览器中。 To my knowledge this is bad practise and a backend for frontend approach should be used for this scenario instead where the access token is stored in a HTTP secure cookie.据我所知,这是一种不好的做法,应该在这种情况下使用前端方法的后端,而不是将访问令牌存储在 HTTP 安全 cookie 中。

Does anyone know how to do a backend for frontend type approach using Azure Active Directory?有谁知道如何使用 Azure Active Directory 为前端类型方法做后端? Is there support for this using Microsoft Api's or do I have to just write the code from scratch?是否使用 Microsoft Api 对此提供支持,还是我必须从头开始编写代码?

Thanks for any help谢谢你的帮助

1 个解决方案

解决方案1
 1  2022-05-24 18:16:06

You need to use a server side solution to issue application level secure cookies.您需要使用服务器端解决方案来发布应用程序级安全 cookie。 It is not specific to Azure AD.它不是特定于 Azure AD。

The Duende BFF solution is .NET based, and uses the web host, eg https://www.example.com , to issue cookies. Duende BFF 解决方案基于.NET,并使用网络主机(例如https://www.example.com )来发布cookie。 See this code example and the docs.请参阅此代码示例和文档。

It is also possible to issue cookies via a utility API that runs in a sibling domain of the SPA, eg https://api.example.com .也可以通过在 SPA 的同级域中运行的实用程序 API 发出 cookie,例如https://api.example.com This is a little more complex, but provides options such as deploying the SPA to a content delivery network - see this code example .这有点复杂,但提供了诸如将 SPA 部署到内容交付网络之类的选项 - 请参阅此代码示例

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用新的 auth0 SPA 存储令牌反应和 Redux - React and Redux with the new auth0 SPA storing token API 的 Auth0 React SPA 访问令牌不正确 - Auth0 React SPA incorrect access token for API 有谁知道如何使用打字稿在反应中更改页面标题? - Does anyone know how to change the page titles in react using typescript? 如何使用新的 auth0-spa.js 在不单击“登录”按钮的情况下重定向到 auth0? - How can I redirect to auth0 without clicking on the Log In button in react using the new auth0-spa.js? 有谁知道 webdriver-io 是否可以与 AWS 设备场一起使用? 如何设置? - Does anyone know if webdriver-io can be used with AWS device farm ? How to set it up? 如何使用 react SDK 访问 auth0 令牌? - How to access auth0 token with react SDK? 在React SPA App中存储和检索会话Laravel Passport令牌 - Storing and retrieving session Laravel Passport Token in React SPA App 在 SPA (React/Express/Postgres) 中使用 Active Directory 实现“角色”的标准方法 - Standard Way of Implementing "Roles" Using Active Directory in SPA (React/Express/Postgres) 在React前端安全地存储身份验证令牌 - Securely storing auth token in React Frontend 如何在反应中使用@auth0/auth0-spa-js 通过浏览器刷新保持登录 - How to persist login through browser refresh using @auth0/auth0-spa-js in react
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM