DEV Community

Discussion on: #05: Securing Static Web Apps

Lars Gyrup Brink Nielsen

I'm thinking of the OAuth 2.0 Client Credentials flow.

Say my Azure Static Web App has a connected Azure AD or Azure AD B2C provider (or is there a built-in identity provider?).

External Service B wants to access Static Web App API A:

  1. Where does External Service B go to request an access token using client credentials (client ID + client secret)?
  2. External Service B attaches the Bearer access token to the Authorization HTTP request header for Static Web App API A?
  3. How does Azure Static Web App API A validate the access token?
  4. How does Azure Static Web App API A authorize the access token permissions?
mkarmark

We currently only support browser logins for authentication. We do not have support for service to service auth, or any form of token validation.

Lars Gyrup Brink Nielsen

Thank you for clarifying and once again thank you for this article. The role assignment by Function is interesting 👀