I have separate structures for the backend (GoLang Gin) and the frontend (ReactJS) and would like to integrate Azure AD OAuth2 login.
I can authenticate either the GoLang app or the React app, but how do I pass the auth info to the backend when I authenticate in the frontend using msal-react?
In my current backend API, I use JWT like this to protect APIs:
Or should I authenticate the backend and pass the info to the frontend? But I cannot get it to redirect (Azure login) since they are on different ports…
The typical pattern is:
- Front-end (React app in your case) uses msal (or other compatible library) to redirect the user to login
- Front-end acquires access token for back-end using a scope defined in API app registration (or same app registration)
- Front-end attaches access token to back-end requests
- Back-end validates access token (signature using public keys from Azure AD, expiry time, audience, issuer, scopes etc.)
In .NET we configure an "authority" for JWT authentication, e.g. "https://login.microsoftonline.com/", and the authentication handler then downloads metadata + public keys from "https://login.microsoftonline.com//.well-known/openid-configuration".
It might be possible to configure something like this for your library as well.
Scopes you typically have to check yourself.
Answered By – juunas
Answer Checked By – Willingham (GoLangFix Volunteer)
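
The back-end validation step listed in the answer above, as an added Go example using only the standard library (it is not code from the answer or from any JWT library). `ValidateAccessToken` and `seg` are hypothetical names, and the RSA public key is assumed to be supplied by the caller from the signing keys Azure AD publishes.

```go
package main

import (
	"crypto"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// seg base64url-decodes one JWT segment and unmarshals its JSON into v.
func seg(s string, v interface{}) error {
	b, err := base64.RawURLEncoding.DecodeString(s)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// ValidateAccessToken (hypothetical name) checks RS256 signature, issuer, audience, expiry, scope.
func ValidateAccessToken(tok string, key *rsa.PublicKey, iss, aud, scope string, now time.Time) error {
	p := strings.Split(tok, ".")
	var h struct{ Alg string }
	if len(p) != 3 || seg(p[0], &h) != nil || h.Alg != "RS256" {
		return errors.New("malformed token or alg is not RS256") // rejects alg=none and HS256
	}
	sig, err := base64.RawURLEncoding.DecodeString(p[2])
	sum := sha256.Sum256([]byte(p[0] + "." + p[1])) // the signature covers header.payload as sent
	if err != nil || rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) != nil {
		return errors.New("signature verification failed") // key: assumed to be Azure AD's published key
	}
	var c struct {
		Iss, Aud, Scp string // scp holds the space-separated delegated scopes
		Exp           int64
	}
	if seg(p[1], &c) != nil || c.Iss != iss || c.Aud != aud || now.Unix() >= c.Exp {
		return errors.New("issuer, audience or expiry check failed")
	}
	if !strings.Contains(" "+c.Scp+" ", " "+scope+" ") { // whole-word match, not a prefix match
		return errors.New("required scope missing")
	}
	return nil
}

// Constructed input: an unsigned alg=none token is rejected before any key is used.
func main() { fmt.Println(ValidateAccessToken("eyJhbGciOiJub25lIn0.e30.", nil, "", "", "", time.Now())) }
```

In a Gin middleware the token would be the value after `Bearer ` in the `Authorization` header, and a non-nil error would map to a 401 response.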