microsoft-authentication-library-for-js VS frank_jwt

You can use the sample provided at https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples and integrate it in hooks.server.ts.

I'm utilizing the Authorization Code sample provided in the MSAL Node.js library (https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/auth-code), with the only modification being the addition of the aforementioned scope to my configuration. Below, I've shared the relevant segment of my customConfig.json and the primary code snippet where the error surfaces.

As the backend handles the token acquisition, no other code or library, such as MSAL.js, is required in the single-page application itself. This also means that no tokens are required to be stored in the browser session or local storage. By encrypting and storing the access token in an HttpOnly cookie protects it from XSS attacks, and scoping it to the API domain and setting SameSite=strict ensures that the cookie is automatically sent with all proxied API first-party requests. More on SameSite cookies can be read here.

The easiest way to secure Angular apps with the Microsoft Identity Platform is by using the MSAL (Microsoft Authentication Library) Angular package. This package contains Angular-specific building blocks for implementing MSAL in your app.

For example: https://github.com/AzureAD/microsoft-authentication-library-for-js

I was imagining something like this, and since you’ve got it on the frontend already just throwing the token to the backend and letting it validate the token https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/node-token-validation-samples/basic-sample

I did an azure ad implementation recently(laravel / SPA). I used the offical msal.js library (https://github.com/AzureAD/microsoft-authentication-library-for-js) to present the azure ad login screen. After successful login, I take the received azure ad access token and send it to my laravel based api. there, I verify the token and if valid and the user exists in the app, I create an access token for my apis and return it to the spa. The spa then uses this token for further requests, until the lifetime of the token expires. Hope that helps a bit, feel free to ask for details :)

NOTE: Never store sensitive information about a client in the payload as the JWT is just encoded and not encrypted. You can paste the JWT I gave as an example above in this cool site which basically allows you to see in decoded. JSON Web Tokens - jwt.io

Although they did not make it into production, I experimented with the RabbitMQ message broker, Python (Django, Flask), Kubernetes + minikube, JWT, and NGINX. This was a hobby project, but I intended to learn about microservices along the way.

JSON Web Token (JWT) creation to extend user authentication to server-side functions

The (probably) most famous web resource about JWT - https://jwt.io - provides such a definition of JSON Web Tokens:

If you want to play with JWT and put these concepts into practice, you can use jwt.ioDebugger to decode, verify, and generate JWTs.

In this context, JSON Web Tokens (JWTs) play a crucial role.

Json Web Token (JWT): Even though it is more like an industry standard, we will use JWTs for stateless authentication in this article. If you want to learn more, you can refer to the official documentation.

Se pegar o token jwt podemos ver o que tem dentro, usando o site jwt.io.