Azure Active Directory Authentication from Django-REST-Framework and ReactJS App

cjones 21 Reputation points
2020-10-15T23:25:22.727+00:00

Seems like something pretty basic to implement, but I've been struggling for several days with it now.

Essentially:

  1. User navigates to domain.com/admin
  2. This URI is for internal company users only
  3. Thus, the user needs to be verified against the organizations Azure AD
  4. If they are a user, it takes them to the dashboard; If not, they are rejected from entering

Simple, right?

I'm finding not so much.

I've been trying to do it server-side with DRF. Mind you, my Django backend, does not serve any static assets. It is strictly and API that consumes and provides data. It at no point uses Django Templates. I'm finding most of the libraries are out dated, have poorly written documentation, or just don't work for my use case (DRF). I've tried a handful and can't get any of them working.

I understand that this can also be done client-side with ReactJS libraries and supposedly it is secure. I haven't tried yet. I have no preference for either server-side or client-side just as long as user's information can be put in the database... I don't see any reason why this couldn't happen even using client-side.

So at any rate, what I'm hoping I can get some guidance on is the following:

  1. Some documentation, or guide, starting with the basics: How to properly register this App to serve this purpose (i..e, client_id, client_secret, token, etc.). Super clear and from the basics.
  2. What actually works for this purpose whether it is client-side ReactJS or vanilla JavaScript implementation, or server-side Django, DRF, or Python implementation.

Thanks in advance for the help.

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
21,783 questions
0 comments No comments
{count} vote

4 answers

Sort by: Most helpful
  1. 2020-10-16T15:55:11.167+00:00

    You can try the following examples:

    Node.js (only up to Add Azure AD authentication)
    React (only up to Add Azure AD authentication)

    If you want tto restrict certain users from being able to login you can Restrict your Azure AD app to a set of users in an Azure AD tenant.

    Or for more advanced scenarios you can Add app roles in your application and receive them in the token and decide which ones are allowed to navigate other portions of your app.

    --
    Please let us know if this answer was helpful to you. If so, please remember to mark it as the answer so that others in the community with similar questions can more easily find a solution.

    1 person found this answer helpful.

  2. Cyrus Ndirangu 6 Reputation points Student Ambassador
    2022-03-12T16:38:41.62+00:00

    Hello guys @cjones and @Moses Alhassan , were you able to find a work around to use Azure AD, Django Rest Framework and React, this could be a super useful documentation, I can propose to write up for the community.

    Best Regards.

    Cyrus Ndirangu.

    1 person found this answer helpful.
    0 comments No comments

  3. Mahipal Singh 6 Reputation points
    2021-02-19T07:49:23.98+00:00

    Hello @cjones ,

    • You can use client side react for authentication.
    • Then send that token back to API from react front end.
    • After that use graph /me api to get the details for that particular token.
    • There will be email in the response that is for the token from graph API.
    • Match that email in your Database and once you verify that you can generate the token using Simple JWT and send it back to React front end.
    • Then use that token for Auth.

    This is just basic summary of the process you can tweak it however you want.

    @Alfredo Revilla - Upwork Top Talent | IAM SWE SWA Feel free to correct any issues that you see in the approach.

    Hope this helps.

    0 comments No comments

  4. cjones 21 Reputation points
    2021-03-15T21:45:31.183+00:00

    Looking at these two steps:

    Then send that token back to API from react front end.

    After that use graph /me api to get the details for that particular token.

    Is the last step I quoted done server-side (in my case in Django/DRF)? Is there a particular library that needs to be used or just do a regular POST to the graph end point?


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.