5

I am able to authenticate the react app with AAD and I am able to get the access token.

I have the following questions:

  1. My backend is in Python Flask (web APIs). How do I make sure that every request sent by the React app is also authenticated with the same token?

  2. Should I register a different application for the backend (Python Flask), or can I use the client ID of the same frontend application?

  3. If I am passing the token in the header while calling every API request from the frontend, how will the backend verify that the token is valid? Also, should it verify every API request?

I have seen multiple options like the flask-azure-oauth library and some other libraries. For the frontend I have tried the ADAL and MSAL libraries.

1 Answer

2
  1. In the frontend, make sure you append the accessToken to each of your HTTP requests, for example by writing a common HTTP module and using it across the React app. And to make sure your app is authenticated with the same token, you need to wrap the React app with adal or MSAL or react-adal.
  2. You have to use the same client ID which is used in the React app in your Python backend in order to verify the token you're sending in the API request.
  3. You need to add a before_request hook in Flask and verify the accessToken you receive in the request. reference link

You can also check the react-adal package for AAD authentication.
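
The `before_request` check from point 3, as an added example that is not part of the original answer. It assumes Flask and PyJWT are installed, Azure AD v2.0 access tokens whose `aud` claim is the app's client ID, and placeholder tenant and client IDs; `bearer_token`, `create_app` and the `/api/me` route are hypothetical names.

```python
import os

# Placeholder IDs (assumption): set the real values in the environment.
TENANT_ID = os.environ.get("AAD_TENANT_ID", "00000000-0000-0000-0000-000000000000")
CLIENT_ID = os.environ.get("AAD_CLIENT_ID", "11111111-1111-1111-1111-111111111111")
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
JWKS_URL = f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys"


def bearer_token(authorization):
    """Return the token from an 'Authorization: Bearer <token>' value, else None."""
    scheme, _, token = (authorization or "").partition(" ")
    token = token.strip()
    return token if scheme.lower() == "bearer" and token else None


def create_app():
    import jwt  # PyJWT
    from flask import Flask, g, jsonify, request

    app = Flask(__name__)
    jwks = jwt.PyJWKClient(JWKS_URL)  # fetches and caches the tenant's signing keys

    @app.before_request
    def require_valid_token():
        # Runs before every route, so each API call is verified.
        token = bearer_token(request.headers.get("Authorization"))
        if token is None:
            return jsonify(error="missing bearer token"), 401
        try:
            key = jwks.get_signing_key_from_jwt(token)  # selects the key by 'kid'
            # Checks signature, expiry, audience and issuer in one call.
            # Pinning algorithms blocks 'none' and HMAC-confusion tokens.
            g.claims = jwt.decode(token, key.key, algorithms=["RS256"],
                                  audience=CLIENT_ID, issuer=ISSUER)
        except jwt.PyJWTError:
            return jsonify(error="invalid token"), 401

    @app.route("/api/me")
    def me():
        return jsonify(user=g.claims.get("preferred_username"))

    return app
```
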
