Authenticate to Microsoft Entra Application Proxy with SharePoint session

Question

I'm developing a web part with SPFx that makes a call to a web API.

The API is protected with Microsoft Azure Application Proxy using Entra ID as the pre-authentication method.

Now, when I make a request with JavaScript's fetch(), I get redirected to the 'login.microsoftonline.com' page with the state parameter containing "InvalidTokenRetry".

I even tried setting 'credentials': 'include', but with no results.

Is there a way I can authenticate myself to the application proxy using only the session I have in SharePoint?

Thanks in advance.

Answer 1

Hi @Brian Sivieri

Thank you for posting this in Microsoft Q&A.

I understand that you want to Authenticate to Microsoft Entra Application Proxy with SharePoint session.

The "InvalidTokenRetry" error message suggests that there is an issue with the authentication token that is being used to access the API.

To authenticate yourself to the application proxy using only the session you have in SharePoint, you can try using the MSAL.js library to obtain an access token for your API. MSAL.js is a JavaScript library that enables you to authenticate users and acquire tokens to access protected APIs.

Here are the general steps you can follow to use MSAL.js to obtain an access token for your API:

1. Register your web API in Azure AD and obtain the client ID and tenant ID.
2. Configure your web API to accept tokens issued by Azure AD.
3. Register your SPFx web part in Azure AD and obtain the client ID.
4. Configure your SPFx web part to request permissions to access your web API.
5. Use MSAL.js to obtain an access token for your web API.
6. Include the access token in the Authorization header of your fetch () request to your web API.

For your reference: https://github.com/AzureAD/microsoft-authentication-library-for-js

Hope this helps. Do let us know if you any further queries.

Thanks,

Navya.