Authenticate to Microsoft Entra Application Proxy with SharePoint session

Brian Sivieri 0 Reputation points
2024-05-08T16:45:28.6466667+00:00

I'm developing a web part with SPFx that makes a call to a web API.

The API is protected with Microsoft Azure Application Proxy using Entra ID as the pre-authentication method.

Now, when I make a request with JavaScript's fetch(), I get redirected to the 'login.microsoftonline.com' page with the state parameter containing "InvalidTokenRetry".

I even tried setting 'credentials': 'include', but with no results.

Is there a way I can authenticate myself to the application proxy using only the session I have in SharePoint?

Thanks in advance.

SharePoint
SharePoint
A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.
9,810 questions
SharePoint Development
SharePoint Development
SharePoint: A group of Microsoft Products and technologies used for sharing and managing content, knowledge, and applications.Development: The process of researching, productizing, and refining new or existing technologies.
2,706 questions
Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,791 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Navya 4,395 Reputation points Microsoft Vendor
    2024-05-13T08:10:05.06+00:00

    Hi @Brian Sivieri

    Thank you for posting this in Microsoft Q&A.

    I understand that you want to Authenticate to Microsoft Entra Application Proxy with SharePoint session.

    The "InvalidTokenRetry" error message suggests that there is an issue with the authentication token that is being used to access the API.

    To authenticate yourself to the application proxy using only the session you have in SharePoint, you can try using the MSAL.js library to obtain an access token for your API. MSAL.js is a JavaScript library that enables you to authenticate users and acquire tokens to access protected APIs.

    Here are the general steps you can follow to use MSAL.js to obtain an access token for your API:

    1. Register your web API in Azure AD and obtain the client ID and tenant ID.
    2. Configure your web API to accept tokens issued by Azure AD.
    3. Register your SPFx web part in Azure AD and obtain the client ID.
    4. Configure your SPFx web part to request permissions to access your web API.
    5. Use MSAL.js to obtain an access token for your web API.
    6. Include the access token in the Authorization header of your fetch () request to your web API.

    For your reference: https://github.com/AzureAD/microsoft-authentication-library-for-js

    Hope this helps. Do let us know if you any further queries.

    Thanks,

    Navya.

    0 comments No comments