Share via

Aquire authorization code MSAL js

Kasun Tharaka 76 Reputation points
2022-07-22T03:16:17.613+00:00

I have a web application that run scheduled server side(.NET) task that access user email accounts and read their emails.
Front end of the application is implemented using angular.

I am using auth code flow for this scenario.

  1. I want to get user permission to access their email accounts interactively using browser pop up window.
  2. Retrieve authorization code at the front end.
  3. Send authoriztion code to backend.
  4. Redeem access and refresh tokens in the back end.
  5. Use tokens for the back end task(this task should run independently) without ever communicating with front application.

But I cannot find a way to retrieve authorization code at the front end using MSAL js library. As it seems MSAL library do all the steps and acquire tokens at the front end. But for my requirement, I need to redeem tokens using the authorization code at backend and store the tokens.

I know this will be possible if I don't use MSAL js. But then handling the pop up window will be too difficult.

Any feedback regrading this is much appreciated and thanks in advance.

Microsoft Security | Microsoft Entra | Microsoft Entra ID
Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Alfredo Revilla - Upwork Top Talent | IAM SWE SWA 27,551 Reputation points Moderator
    2022-07-25T04:33:54.807+00:00

    Hello @Kasun Tharaka , I understand you want to obtain the authorization code using MSAL.js and pass it to the backend so that it can exchange it for an access and refresh token. Although technically possible: you can leverage APIs such as StandardInteractionClient.initializeAuthorizationCodeRequest(AuthorizationUrlRequest) and others, this flow is not standard thus not supported. You would be creating a public client to get an authorization code to and a private client that exchanges the former. The authorization code would be sent through the wire w/o additional protection such as the one provided by PKCE which is already supported out of the box by MSAL.js.

    My recommendation is to get an access token using MSAL.js and implement the OBO flow in your backend so that it can request an access and refresh token for a down-stream API or service using the frontend access token.

    Let us know if you need additional assistance. If the answer was helpful, please accept it and complete the quality survey so that others can find a solution.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.