How do I validate and decipher Authorization Bearer Token obtained from Azure AD in a Node Azure Function (for Role Based Access Control)?

I'm using Azure AD and have registered an application in it. I've used msal-browser JS library to sign-in the user and obtain an Authorization token:

{
    //...
    "accessToken": "eyJ0eXAiOiJKV1QiLCJub25jZSI6IkY...",
    "account": {
        "homeAccountId": "00000000-0000-0000-bac6-4831a1177397.9188040d-6c67-4c5b-b112-36a304b66dad",
        "environment": "login.windows.net",
        "tenantId": "62765715-2081-4050-bdc7-8c2e178d7424",
        "username": "tfgh55555@outlook.com",
        "localAccountId": "6fad727e-1df2-4b14-b234-30b407b7ab42",
        "name": "Tali Gehrin",
        "idTokenClaims": {
            "aud": "0d42647a-183c-404b-bbe1-796ad6420989",
            "iss": "https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0",
            "iat": 1633271767,
            "nbf": 1633271767,
            "exp": 1633275667,
            "idp": "https://sts.windows.net/9188040d-6c67-4c5b-b112-36a304b66dad/",
            "name": "Tali Gehrin",
            "nonce": "b04400da-eb58-4617-bbaa-5c66e04d762a",
            "oid": "6fad727e-1df2-4b14-b234-30b407b7ab42",
            "preferred_username": "tfgh55555@outlook.com",
            "rh": "0.AREAFVd2YoEgUEC9x4wuF410JHpkQg08GEtAu-F5atZCCYkRABI.",
            "roles": [
                "content_manager" //<= the role i'm interested in
            ],
            "sub": "WbvYLdLb3DNVgczM_iyu4n4i-s8mPtfhQqVyAK_abaU",
            "tid": "62765715-2081-4050-bdc7-8c2e178d7424",
            "uti": "HDhn_MWkl0iGcm-jlBEMAA",
            "ver": "2.0"
        }
    },
    //...
}

I'm passing accessToken in an HTTP call as header

Authorization: Bearer yJ0eXAiOiJKV1QiLCJub25jZSI6IkY...

How do I validate and decipher this token inside an Azure function running Node?

You can validate and decipher this token inside an Azure function running Node by using an Azure function that implements the HTTP trigger. This requires configuration data to perform token validation, and this data is inside the AzureAdTokenAttribute instance. However, the token will be inside the HttpRequest. To have access to what was implemented in the token validation service, you will insert IHttpContextAccessor.
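An added example, not part of the question or the answer above: one way to do the check in Node with only the built-in `crypto` module, verifying the RS256 signature against a JWKS and then checking `iss`, `aud`, the validity window and the `roles` claim. The function names, the locally generated key pair and the `kid` are constructed for the demo; the issuer, audience and timestamps are the values shown in the question's `idTokenClaims`, and using that `aud` for the API is an assumption.

```javascript
const crypto = require('crypto');

const b64u = (x) => Buffer.from(x).toString('base64url');
const fromB64u = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Verify an RS256 JWT from an Authorization header, then require an app role.
// Throws on any failure (fail closed); returns the decoded claims on success.
function validateBearer(authHeader, { jwks, issuer, audience, requiredRole, now = Date.now() / 1000 }) {
  const m = /^Bearer ([\w-]+)\.([\w-]+)\.([\w-]+)$/.exec(authHeader || '');
  if (!m) throw new Error('malformed Authorization header');
  const [, h, p, s] = m;
  const header = fromB64u(h);
  if (header.alg !== 'RS256') throw new Error('unexpected alg'); // pin the algorithm
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('unknown signing key');
  const pub = crypto.createPublicKey({ key: jwk, format: 'jwk' });
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), pub, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = fromB64u(p); // claims are read only after the signature has been verified
  if (c.iss !== issuer) throw new Error('wrong issuer');
  if (c.aud !== audience) throw new Error('wrong audience');
  if (!(c.nbf <= now && now < c.exp)) throw new Error('token not valid at this time');
  if (!Array.isArray(c.roles) || !c.roles.includes(requiredRole)) throw new Error('missing role');
  return c;
}

// Constructed demo key set. In a deployed function the JWKS would be fetched from
// https://login.microsoftonline.com/<tenant-id>/discovery/v2.0/keys and cached.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const SAMPLE_JWKS = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'test-key-1' }] };
const EXPECTED = {
  jwks: SAMPLE_JWKS,
  issuer: 'https://login.microsoftonline.com/62765715-2081-4050-bdc7-8c2e178d7424/v2.0',
  audience: '0d42647a-183c-404b-bbe1-796ad6420989', // assumption: the API's own app ID
  requiredRole: 'content_manager',
  now: 1633272000, // fixed clock inside the question's nbf/exp window
};

// Hypothetical helper: builds a signed sample header value for the demo only.
function makeToken(claims, key = privateKey) {
  const head = b64u(JSON.stringify({ typ: 'JWT', alg: 'RS256', kid: 'test-key-1' }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), key).toString('base64url');
  return `Bearer ${head}.${body}.${sig}`;
}
```

In an HTTP-triggered function the header value would come from `req.headers.authorization`. The token prefix in the question decodes to a header containing `nonce`, which is how Azure AD marks access tokens issued for Microsoft Graph; those are not meant to be validated by your own API, so the client should request a scope of the API's own registration so that `aud` matches it.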
