'VueJS app with BFF framework using Azure AD

I am working on VueJS SPA, which connects to Web API protected by Azure AD. I would like to implement the BFF Pattern(Backend for FrontEnd), which improve the security of the application where the token management happens on the server side. I could not find good examples using Azure AD identity. Appreciate if someone could share any good example that helps as a template for BFF using SPA framework.

azure-active-directorysingle-page-application


Solution 1:[1]

Please check if below references can give an idea .

This demo will show implementation of SPA in Angular but this could easily be switched with Blazor, React or a Vue.js UI.

An API is created specially for the Angular UI and the other APIs can only be able to access from the trusted backend which can be under our control.

This is almost similar to the backend for frontend application architecture (BFF). The API uses Microsoft.Identity.Web to implement the Azure AD security. All API HTTP requests to this service require a valid access token which was created for the service.

References:

  1. asp.net - SPA (Vue), BFF and IdentityServer on IIS setup? - Stack Overflow
  2. Securing and accessing APIs with Azure Active Directory | by Cheranga Hatangala |

Other- references:

  1. Building and securing an ASP.NET Core API with a hosted Vue.js UI (damienbod.com)
  2. c# - How to serve SPA on root using Azure AD's AuthorizeforScopes in a BFF - Stack Overflow
  3. Does MSAL.js support the check_session_iframe OIDC endpoint? - Stack Overflow

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 kavyasaraboju-MT

Related Questions

Synapse external table "Unauthorized"

How to redirect from VB.NET legacy web application login page to azure portal to validate azure ad with MFA

Receive a request when Azure AD User receive a call

Can I use SVG within a customized the Azure AD B2C user interface?

Connecting to Dynamics 365 TDS-enabled database with OLEDB Linked Server

How do I define the SignedOut page in Microsoft.Identity.Web?

Azure AD API request 401 Unauthorized

Using multiple authentication providers in C# .net core

Active directory check if user belongs to a group

Web API with Microsoft Identity Platform Authentication

azure ad authentication issue with razor handlers

How to open the file on browser instead of downloading in local that is stored in Azure Data lake Gen 2

Error - Intent filter for: BrowserTabActivity is missing. While using AzureAD MSAL Lilbary

Azure AD B2C - Supporting a daemon app along with B2C clients such as Web page and native mobile app

what is role of User did in Verifiable Credentials ? did:ion:username and when user did will generate?