AzureAD / microsoft-authentication-library-for-python

Microsoft Authentication Library (MSAL) for Python makes it easy to authenticate to Microsoft Entra ID. General docs are available at https://learn.microsoft.com/entra/msal/python/. Stable APIs are documented at https://msal-python.readthedocs.io. Questions can be asked on www.stackoverflow.com with tag "msal" + "python".
https://stackoverflow.com/questions/tagged/azure-ad-msal+python

Microsoft Recommendations on best practices for validating JWT. #491

Open Shivam60 opened 2 years ago

Shivam60 commented 2 years ago

What am I trying to do?

  1. I have a FastAPI web app hosted on Azure App Service. I am trying to secure its endpoints via OAuth2.
  2. I am using AAD Client Credentials flow.

So far I have been able to get tokens, verify and decode them using the steps mentioned here, and secure my endpoints. However, it feels that a lot of the code I have written as part of JWT verification is basically reinventing the wheel.

  1. Is this the recommended approach/best practice?
  2. Does everyone have to write the code to verify JWT tokens and essentially reinvent the wheel?