i have downloaded angular sample microsoft-authentication-library-for-js\samples\msal-angular-v3-samples\angular16-sample-app from github and im trying to make a backend to protect my routes using azure ad in angular im getting access token using this function this.authService.acquireTokenSilent({ scopes: ['user.read'] }).subscribe({ next: (result) => { console.log('Access Token:', result.accessToken); }, error: (error) => { console.error('Error acquiring token:', error); } }); now when my angular app try to call nodejs server i want to verify that token, how can i do that with best practices? and thank you.

Hi @Marwan Samrout , Thaks for reaching out. To verify the access token received from the client-side in your Node.js server, you can use the passport-azure-ad library. This library provides a middleware that can be used to authenticate the incoming requests based on the access token. https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/1-call-api Hope this will help. Thanks, Shweta Please remember to " Accept Answer " if answer helped you.

how to verify azure access token using Nodejs ?

Accepted answer

Shweta Mathur 30,201 Reputation points Microsoft Employee

2024-01-22T10:58:32.6933333+00:00

Hi @Marwan Samrout , Thaks for reaching out. To verify the access token received from the client-side in your Node.js server, you can use the passport-azure-ad library. This library provides a middleware that can be used to authenticate the incoming requests based on the access token.

https://github.com/Azure-Samples/ms-identity-javascript-angular-tutorial/tree/main/3-Authorization-II/1-call-api

Hope this will help.
Thanks,

Shweta

Please remember to "Accept Answer" if answer helped you.
Please sign in to rate this answer.
MarwanSamrout-7915 40 Reputation points

2024-01-22T12:19:53.2466667+00:00

i already tried passport-azure-ad using nodejs , right now i dont have access to my pc so later i will upload the code, and i want to ask is there any endpoint that i can verify token using it (REST API) ?

MarwanSamrout-7915 40 Reputation points

2024-01-23T08:05:23.14+00:00

i had the wrong scope in api configuration i was putting this

'api://b3867ad9-6844-457b-83b2-2bade94c68e4/general'

but all i had to put is 'general' in the api and the full uri in the angular app. but now i have another question about MSAL library for angular , i see it's working only with angular version less than 17 , is there a way to make MSAL works with angular 17 ? and thanks for helping !

Shweta Mathur 30,201 Reputation points Microsoft Employee

2024-01-23T10:52:19.42+00:00

Marwan Samrout I want to ask is there any endpoint that I can verify token using it (REST API) You can use (https://login.microsoftonline.com/{example-tenant-id}/v2.0/.well-known/openid-configuration) to verify the token. Refer - https://learn.microsoft.com/en-us/entra/identity-platform/access-tokens#validate-tokens i see it's working only with angular version less than 17 , is there a way to make MSAL works with angular 17 ? Our product team is working to update MSAL Angular to support angular 17. As of now there is no timeline. We will update once that would be officially supported. Thanks, Shweta

Ben in CA 0 Reputation points

2025-01-18T18:30:43.7266667+00:00

FYI - This library is deprecated by Microsoft, and using typical JWT validation, you cannot validate access tokens, only ID tokens.
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

how to verify azure access token using Nodejs ?

0 additional answers

Your answer