Scenario: A web app that authenticates users and calls web APIs

Article
09/21/2023

Learn how to build a web app that signs users in to the Microsoft identity platform, and then calls web APIs on behalf of the signed-in user.

Prerequisites

This scenario assumes you've already completed Scenario: Web app that signs in users.

Overview

You add authentication to your web app so that it can sign users in and call a web API on behalf of the signed-in user.

Web app that calls web APIs

Web apps that call web APIs are confidential client applications. That's why they register a secret (an application password or certificate) with Microsoft Entra ID. This secret is passed in during the call to Microsoft Entra ID to get a token.

Specifics

Adding sign-in to a web app is about protecting the web app itself. That protection is achieved by using middleware libraries, not the Microsoft Authentication Library (MSAL). The preceding scenario, Web app that signs in users, covered that subject.

This scenario covers how to call web APIs from a web app. You must get access tokens for those web APIs. You use MSAL libraries to acquire these tokens.

Development for this scenario involves;

Providing a reply URI, secret, or certificate to be shared with Microsoft Entra ID during application registration. If you deploy your app to several locations, you'll provide a reply URI for each location.
Providing the client credentials in the application configuration. These credentials were shared with Microsoft Entra ID during application registration.

Next steps

Move on to the next article in this scenario, App registration.

Scenario: A web app that authenticates users and calls web APIs

Prerequisites

Overview

Specifics

Recommended reading

Next steps

Feedback

Additional resources

Additional resources