[英]Does anyone know how to set up OpenIdConnect Auth using Azure Active Directory and React SPA without storing access token in the broswer
I am trying to build an app where users can sign in using their work Microsoft account through open id connect.我正在尝试构建一个应用程序,用户可以在其中通过 open id connect 使用他们的工作 Microsoft 帐户登录。 All of the documentation on Microsoft seems to suggest that for React/SPA apps you should use the MSAL library to authenticate users but this seems to cache the access tokens directly in the brower through session storage. Microsoft 上的所有文档似乎都建议,对于 React/SPA 应用程序,您应该使用 MSAL 库来验证用户身份,但这似乎通过会话存储将访问令牌直接缓存在浏览器中。 To my knowledge this is bad practise and a backend for frontend approach should be used for this scenario instead where the access token is stored in a HTTP secure cookie.据我所知,这是一种不好的做法,应该在这种情况下使用前端方法的后端,而不是将访问令牌存储在 HTTP 安全 cookie 中。
Does anyone know how to do a backend for frontend type approach using Azure Active Directory?有谁知道如何使用 Azure Active Directory 为前端类型方法做后端? Is there support for this using Microsoft Api's or do I have to just write the code from scratch?是否使用 Microsoft Api 对此提供支持,还是我必须从头开始编写代码?
Thanks for any help谢谢你的帮助
You need to use a server side solution to issue application level secure cookies.您需要使用服务器端解决方案来发布应用程序级安全 cookie。 It is not specific to Azure AD.它不是特定于 Azure AD。
The Duende BFF solution is .NET based, and uses the web host, eg https://www.example.com , to issue cookies. Duende BFF 解决方案基于.NET,并使用网络主机(例如https://www.example.com )来发布cookie。 See this code example and the docs.请参阅此代码示例和文档。
It is also possible to issue cookies via a utility API that runs in a sibling domain of the SPA, eg https://api.example.com .也可以通过在 SPA 的同级域中运行的实用程序 API 发出 cookie,例如https://api.example.com 。 This is a little more complex, but provides options such as deploying the SPA to a content delivery network - see this code example .这有点复杂,但提供了诸如将 SPA 部署到内容交付网络之类的选项 - 请参阅此代码示例。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.