openiddict-core VS microsoft-authentication-library-for-js

Openiddict is also an option. Check it out.https://github.com/openiddict/openiddict-core

To implement an OAuth server together with OpenID connect specification, I used a free and open source framework called Openiddict. You should checkout their GitHub repository at github.com/openiddict/openiddict-core. It is a nice and feature rich tool which help you get started very fast. However, comparing to alternatives like identity server, it needs more implementation rather functionalities coming out of the box.

You can use Openidict https://documentation.openiddict.com/, give it a try

Openiddict to create your own OpenID Connect server if you want to deep dive into auth https://github.com/openiddict/openiddict-core

If you do want a .NET IdP then you could look into OpenIddict but will require some hands on work, at a minimum authorisation controllers. If you're looking for something more out of the box OrchardCore's OpenId module might be better for you.

I personally prefer using Cookies with openiddict.

Also, the OAuth bit is very cool!! Do you plan to support OpenIddict it’s a free federated identity server.

Okta is a great example of an IdP, although there are many others. Auth0, Ping Federate, Amazon cognito, etc. OP also mentioned Identity Server, which is a framework for implementing your own IdP. I've also personally used an open-source library called [OpenIDDict[(https://documentation.openiddict.com/) to great success. I would highly recommend attempting to implement one of these providers as a learning exercise.

You can use the sample provided at https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples and integrate it in hooks.server.ts.

I'm utilizing the Authorization Code sample provided in the MSAL Node.js library (https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-node-samples/auth-code), with the only modification being the addition of the aforementioned scope to my configuration. Below, I've shared the relevant segment of my customConfig.json and the primary code snippet where the error surfaces.

As the backend handles the token acquisition, no other code or library, such as MSAL.js, is required in the single-page application itself. This also means that no tokens are required to be stored in the browser session or local storage. By encrypting and storing the access token in an HttpOnly cookie protects it from XSS attacks, and scoping it to the API domain and setting SameSite=strict ensures that the cookie is automatically sent with all proxied API first-party requests. More on SameSite cookies can be read here.

The easiest way to secure Angular apps with the Microsoft Identity Platform is by using the MSAL (Microsoft Authentication Library) Angular package. This package contains Angular-specific building blocks for implementing MSAL in your app.

For example: https://github.com/AzureAD/microsoft-authentication-library-for-js

I was imagining something like this, and since you’ve got it on the frontend already just throwing the token to the backend and letting it validate the token https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/node-token-validation-samples/basic-sample

I did an azure ad implementation recently(laravel / SPA). I used the offical msal.js library (https://github.com/AzureAD/microsoft-authentication-library-for-js) to present the azure ad login screen. After successful login, I take the received azure ad access token and send it to my laravel based api. there, I verify the token and if valid and the user exists in the app, I create an access token for my apis and return it to the spa. The spa then uses this token for further requests, until the lifetime of the token expires. Hope that helps a bit, feel free to ask for details :)