Open anumalasri opened 1 month ago
What do you want to do with these tokens? The frontend can use the microsoftAuthApiRef
to get a token from the users oauth session already, and in the backend, depending on what you want to do, should be configured to use a PAT I believe.
Don't really want to dive into the complexities and security of storing refresh tokens in the Backend for access to user scoped resources to be honest, so we're trying to keep that part simple.
@benjdlambert .. We can see the AuthTokens returning to the Frontend Application after successful authentication. However, we don't have a correct way to access them. Are there any examples of how to access MS Token using microsoftAuthApiRef
?
authApi.getAccessToken()
was tested and took the user to re-login though the scope was already used in Login.
Any suggestion further in this regard?
Ah, it's possible that this is fixed by https://github.com/backstage/backstage/pull/25728, to be released in two weeks. If a user is already auth'd then they should not need to go through another auth flow unless the scope of the session is being expanded.
@Rugvip Thanks for your update.. We shall look forward to test new plugin versions.
🔖 Feature description
We are using Microsoft Azure authentication and need to extract the access tokens for internal API calls at both front end (browser) and also at backend (server) component.
🎤 Context
We have successfully integrated Azure Microsoft authentication. However, unable to extend Azure Entra for internal enterprise APIs.
We could not find a way other than, /refresh API, which will refresh the entire session. It would be good to provide an easy way to manage these tokens at the backend and retrieve them at both the frontend and backend.
Possibly looking for some caching instead of refreshing token always.
✌️ Possible Implementation
No response
👀 Have you spent some time to check if this feature request has been raised before?
🏢 Have you read the Code of Conduct?
Are you willing to submit PR?
None