Clarifying use case scenario in documentation #274
Comments
There are 2 roles in: This MSAL library helps the former i.e. web app to obtain a token. Your DRF backend sounds like the latter i.e. web api who needs to validate that access token. We do not currently support that. A feature request is recorded at #147.
That is correct: DRF receives the Any time frame for having the feature added? Looks like January is when it was brought up.
To be honest, there is no specific timeline to be shared at this moment. But it doesn't hurt if you can add a thumbs-up reaction on that issue for our future planning purposes, and then you can also subscribe to that issue so that you will be notified when we get back to that one eventually.
Updated the first link used by @cheslijones at the beginning of this issue. Closing the doc issue here, and keeping track of the feature requirement at #147.
Reading through the documentation scenarios here and identifying the correct scenario for my use case:
react-aad-msal directs them to login with their Azure AD credentials.
id_token and access_token.
access_token needs to be sent from the microservice ReactJS FE to my microservice Django/Django-REST-Framework (DRF) API.
access_token against Azure AD as well to grant communication between the FE and the API, to make sure some garbage string wasn't sent to it from the FE.
This use case leads me to believe that the "Web Application signing in a user and calling a Web API in the name of the user" is the correct scenario and that this documentation found here is what I should be following to work on the Django.
That being said, all I'm really trying to do is validate the authenticity of the access_token sent over from the FE. I came across this documentation related to that.
So I'm unclear from the documentation what I should be trying to implement here with this library: the "The web app that calls web APIs" scenario or just the token validation method.
Can someone offer clarity on this?