Skip to content

Instantly share code, notes, and snippets.

@eimajtrebor
Forked from itaysk/index.js
Created June 4, 2017 17:51
Show Gist options
  • Save eimajtrebor/16b082e752e5610fc0c2cb0abbee25fe to your computer and use it in GitHub Desktop.
Save eimajtrebor/16b082e752e5610fc0c2cb0abbee25fe to your computer and use it in GitHub Desktop.
Securing Single Page Applications with Azure AD
var aadTenant = "yourTenant.onmicrosoft.com",
spaClientId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}", //AAD app client id for this app
serviceClientId = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}", //AAD app client id for the service API app
var serviceUrl = "http://localhost:8081/api/doSomething"; // the service API endpoint
var authContext = new AuthenticationContext({
instance: 'https://login.microsoftonline.com/',
tenant: aadTenant,
clientId: spaClientId,
postLogoutRedirectUri: window.location.origin,
cacheLocation: 'localStorage',
});
var isCallback = authContext.isCallback(window.location.hash);
if (isCallback) {
authContext.handleWindowCallback();
}
//var user = authContext.getCachedUser();
var serviceToken;
function login() {
authContext.login();
}
function getServiceToken() {
authContext.acquireToken(serviceClientId, function (err, res) {
serviceToken = res;
});
}
function callService() {
var r = new XMLHttpRequest();
r.open("GET", serviceUrl, true);
r.setRequestHeader("Authorization", "Bearer " + serviceToken);
r.onreadystatechange = function () {
console.log(r);
};
r.send();
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment