Azure Active Directory Verify Access Token in Web Api outside of Azure
Question
If my Web Api application is hosted outside Azure, can I use access tokens issued by Azure AD and verify the tokens in the Web Api itself or against Azure AD? All the examples available are referring to the Web Api applications hosted on Azure. But there must be a way to do this with Web Api outside Azure. Any reference to solution would help.
1 answers
solution1
1 ACCPTED 2016-10-10 01:45:49
Azure active directory support the OAuth 2.0 to authorize the third-party apps. It doesn't matter where the web API or apps hosted. Below figure is the stand OAuth flow from RFC 6749 – The OAuth 2.0 Authorization Framework .
Technically, the web API only need to verity the token from the endpoint it trust. I also explained the detail about verifying the access token from this thread .
And if you want to know more about the scenarios developing with Azure AD, you can also take a look this article .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.