We are using the MSAL library for authentication, and it generates an access token and a refresh token which we have access to. Once a successful login happens, we want to open a SharePoint URL using the session of the user which is already established. Is there a way to obtain the FedAuth and rtFa cookies from the token that was generated using the MSAL library?
Related
I am using a simple JWT auth with Firebase. The backend checks if it's a valid user and gives back an access token using JWT. Now I want to implement a refresh token. How can I do it? What should be the content of the refresh token? When I sign a new access token and go to a protected page, but then refresh it, it goes to the login page again.
What should I do to also sign a refresh token? Please help me, anyone.
When you generate the JWT auth token, also generate a refresh token with a 1d expiry or with no expiry time, according to your requirement. After this, send the JWT and JWT-REFRESH tokens in the response of the login API. Then make an API in your backend which accepts the refresh token from the header or from the body and generates a JWT token in response; in case of a bad refresh token, return a 401 status code.
On the client side, if you are using axios, you can use axios-interceptors as middleware to detect if a 401 is coming from any API, and in that case hit the refresh JWT token API to generate a new auth token.
If the refresh token API again gives a 401 response, then handle it as the REFRESH token having also expired and redirect the user to the login page.
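The flow described in this answer, as an added example that is not part of the original answer: a login that issues both tokens, a refresh endpoint that returns 401 on a bad token, and the client-side retry an interceptor would perform. It goes beyond the answer by making the refresh token an opaque random value stored hashed and rotated on use; all function names, lifetimes and the in-memory store are assumptions for illustration.

```javascript
// Added example: names, key and lifetimes are assumptions, not from the page.
const nodeCrypto = require('crypto');
const SECRET = nodeCrypto.randomBytes(32);            // demo signing key, per process
const ACCESS_TTL = 15 * 60, REFRESH_TTL = 24 * 3600;  // seconds; refresh lives "1d"
const refreshStore = new Map();                       // sha256(refresh) -> { user, exp }

const b64 = (x) => Buffer.from(x).toString('base64url');
const sha256 = (s) => nodeCrypto.createHash('sha256').update(s).digest('hex');
const hmac = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest();

function signAccess(user, now) {
  const body = b64(JSON.stringify({ alg: 'HS256', typ: 'JWT' })) + '.' +
               b64(JSON.stringify({ sub: user, exp: now + ACCESS_TTL }));
  return body + '.' + b64(hmac(body));
}

function verifyAccess(token, now) {
  const [h, p, s, extra] = String(token).split('.');
  if (!h || !p || !s || extra !== undefined) return null;
  const expected = hmac(h + '.' + p), got = Buffer.from(s, 'base64url');
  if (got.length !== expected.length || !nodeCrypto.timingSafeEqual(got, expected)) return null;
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString()); // parsed only after MAC check
  return claims.exp > now ? claims : null;
}

function issueTokens(user, now) {
  const refresh = nodeCrypto.randomBytes(32).toString('base64url'); // opaque, not a JWT
  refreshStore.set(sha256(refresh), { user, exp: now + REFRESH_TTL });
  return { status: 200, access: signAccess(user, now), refresh };
}

// Refresh endpoint: single-use rotation; unknown, reused or expired token -> 401.
function refreshEndpoint(refresh, now) {
  const key = sha256(String(refresh));
  const rec = refreshStore.get(key);
  refreshStore.delete(key);
  if (!rec || rec.exp <= now) return { status: 401 };
  return issueTokens(rec.user, now);
}

const protectedApi = (access, now) => ({ status: verifyAccess(access, now) ? 200 : 401 });

// Client side, the interceptor's job: one refresh, one retry, otherwise back to login.
function callWithRefresh(session, now) {
  const res = protectedApi(session.access, now);
  if (res.status !== 401) return res;
  const r = refreshEndpoint(session.refresh, now);
  if (r.status === 401) return { status: 401, redirect: '/login' };
  Object.assign(session, { access: r.access, refresh: r.refresh });
  return protectedApi(session.access, now);
}
```

Passing `now` explicitly keeps the expiry paths testable; a real service would read the clock and persist `refreshStore` in a database.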
How to get the refresh token in JWT format?
The team is working on authentication using AAD, and the OIDC library that is being used expects the tokens to be in JWT for decoding purposes.
Refresh token is not returned in JWT. Applications should not be inspecting a RT as it is only useful for the Authorisation server to issue new Access tokens. RT is an encrypted blob that only the authorisation server can decode for this process.
I have an iOS application that allows users to login with Facebook (via the Facebook Swift SDK). This returns an access token for the user, which is specific to that app.
The user's facebook access token is passed to my NodeJS API where its authenticity needs to be checked. How can I do this? Basically, I need to check that Facebook has given the user this access token specifically for use with my app.
Once this is done, I will just use my API's standard JWT access and refresh tokens to authenticate future requests.
You can use the Debug Token endpoint within the Facebook API, which reports whether the token is still valid and which application the token is valid for.
I'm currently working on an outlook add-in using the MS Graph API. In this add-in, I'm using azuread-openidconnect passport plug-in to authenticate the users using the OIDC strategy on the Azure-AD V2 endpoint.
I'm running into the typical issue where my access token is expired, and I need to use my refresh token to get an up to date access token. From the docs (https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols-oauth-code) I can easily check and refresh the token manually. However, I assume that this functionality has been baked into the passport plug-in. If so, how do I go about checking and refreshing the token with the plug-in?
There's no method in passport-azure-ad for that. Passport's role is to authorize the initial access token, which can then be used to access APIs (including the refresh token API) at the provider.
So you may need to refresh these tokens by yourself, or by using a separate library like passport-oauth2-refresh.
I am developing a Chrome extension which needs to get an OAuth 2 access token for a Google service. But I am not sure whether to use the Authorization Code Grant flow or the Implicit Grant flow.
In the Implicit Grant flow, I get the access token directly. However, since we don't get a refresh token here, we'll have to request an access token again if it expires. Will this ask the user to authenticate my app again (by showing them the authentication UI), or will the user be oblivious to it?
My experience using chrome.identity API for authorization tokens is: the first time an authorization is needed (when the extension is first installed), the user is presented an authentication UI to confirm.
Whenever the token expires and a new token is necessary, calling chrome.identity.getAuthToken won't display the authentication UI but fetch a new token directly (no user interaction is needed if access was previously granted).