How to get user and token details after authenticating an App Service from Azure AD?

Question

I have a React Application for the Front end hosted on Azure in App Services. I also have another NodeJS app that I am using to create REST APIs for the front-end App. This App is hosted on another App Service.

Now, I want to integrate AD authentication for the front-end app using Azure Active Directory, which I have managed to do using the Easy Auth process. But I don't know how to get (or pass to the front end) the user and token details once the user is authenticated.

The second part of the query is, that I want to use the token to secure my REST APIs by passing it in the header and validating it in the backend. I have gone through various Microsoft documentation but I am not able to figure out how to do this.

Please help me in getting the user and token details. And please suggest how to secure my REST APIs.

Answer 1

You can get the tokens via http headers or via an endpoint /.auth/me. More details: https://docs.microsoft.com/en-us/azure/app-service/configure-authentication-oauth-tokens#retrieve-tokens-in-app-code

Regarding validating tokens, take a look at this: https://github.com/Azure-Samples/active-directory-dotnet-webapi-manual-jwt-validation