Looking for a Python/Django/Djano-REST-Framework library to verify access_token from Azure AD

Question

This has been a real frustrating struggle for several days now and I need to get it wrapped up.

So in my app, and how I understand this should work in all microservice applications, the flow is the following:

1. User navigates to https://www.example.com/ which is a ReactJS FE in my case.
2. Using react-aad (I'll be switching to @azure/msal-react when it is released), they are automatically redirected to login using their Azure AD credentials for our tenant ID.
3. This gives them the id_token and access_token.
4. I need to send this access_token to our Django/DRF API where it needs to be verified as being authentic and thus granting client/API communication.
5. Without this verification, it would mean either the API is wide open (it definitely should not be) or any string could be passed to it as an access_token (that would be bad).

I have my access_token from the ReactJS FE. I just need to send it to the API and the API needs an implementation to verify it is a valid token and not just some random string.

I've tried all of these libraries which either don't support this use case or simply do not work:

• azure-activedirectory-library-for-python (deprecated)
• microsoft-authentication-library-for-python (apparently does not have a way to just validate a token per this issue)
• django-rest-framework-social-oauth2 (deprecated)
• drf-social-oauth2 (error)
• python-social-auth/social-app-django (error)
• This article (see the preceding error)

So how do I implement this? Just trying to verify an access_token is valid in my API.

Answer 1

Hello @cjones , you might try with py-jwt-validator.

Let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.