We are currently successfully running a Node.js Azure Function App deployed in an App Service in Azure with AAD B2C authentication as the backend for a React-based Single-Page Application. User authentication in the SPA is done with Azure AAD B2C, where users obtain a JWT token which is used as the Bearer token for all requests against the backend API. This works great.
For various reasons, we now need to dockerize our Function App and move it inside a Kubernetes cluster. This prevents us from using the AAD B2C integration of the Function App in the App Service for protecting the API, hence we need a different approach to validate the Bearer tokens of the requests.
From what we understand, there are two possible options to do this:
- passport.js
- MSAL
passport.js seems to work great for all Express-based apps and is therefore not suitable for us as our Function App is not Express-based. We also had a look at msal-node and various examples using it, but struggle to understand exactly where and how our token validation fits and which (if any) of the examples fits our use case.
Are we looking in the right direction with msal-node and if so, how can we accomplish the task of protecting a containerized Node.js Azure Function App by validating the Bearer token with the AAD B2C?