4

I have an Angular application that performs user authentication via a Microsoft account. For this, I'm using the MSAL JS library, which works fine to authenticate the user. But we have a requirement where our backend server needs to call Microsoft Graph APIs. Now the issue is that the MSAL library returns an access_token which has a lifespan of 1 hour, so it cannot be used from our backend server once it has expired.

So I'm looking for a way to get an authorization code, which can be exchanged by our backend server for an access token and a refresh token. And as we would have the refresh token as well, we can refresh the access token whenever it expires, provided the refresh token is still valid.

I'm not sure whether this is possible via the MSAL library, or whether there is any other alternative available for SPAs to support the case I've described above.

Mark Rotteveel
Satish Lakhani

1 Answer

1

It is possible with MSAL.js 2.0 which is a drop-in replacement for MSAL.js 1.x and supports the authorization code flow for Single page applications. With MSAL.js 2.0 you can use the authorization flow with PKCE and refresh tokens in the Microsoft identity platform to keep users signed in while third-party cookies are blocked.

Read more here:

  • https://learn.microsoft.com/en-us/azure/active-directory/develop/tutorial-v2-javascript-auth-code
  • https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow
  • https://learn.microsoft.com/en-us/azure/active-directory/develop/reference-third-party-cookies-spas

Rutha
  • Hi @Rutha, first of all, thanks for the response. But I'm using msal-angular and msal-browser in my SPA, and I'm not able to find a way/method which I can use to fetch the authorization code or refresh token. Can you please point me to them? Because with the SPA flow, the library itself exchanges the code to get the token. – Satish Lakhani Jul 06 '21 at 16:16
  • You can save the authentication token in local-storage, then get it when you need it, and then remove the local-storage once you logout. You can refer to this tutorial: https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/1-call-api – Rutha Jul 15 '21 at 18:11