👨🏫 Co-Founder of This is Learning, Organizer of AarhusJS
✍️ Writer, Speaker, FOSS Maintainer 📗 Author
🏆 Microsoft MVP 🌟 GitHub Star
🌊 Nx Champion 🦸 Angular Hero of Education
Thanks for this amazing article series! How would we set up authorized system-to-system API calls from an external system to the Azure Static Web App API?
Thank you!! Genuinely made my day - you can tell this is a labor of love for all of us.
Just to clarify:
You want a client (System A) to invoke an API endpoint in the SWA (System B) where the API endpoint requires you to be authenticated before you can use it?
I see the workflow being something like:
The SWA would have the API route endpoint set up to require an allowedRole of "authenticated" - which means anyone trying to access it would be redirected to the login API endpoint before they are allowed to proceed.
The client would then invoke the API endpoint - and if it is already authenticated, it gets a valid response, else it will be asked to log in first, then redirected to the API when done.
See: Securing Routes with Roles
However, I think you may be asking if there are ways to customize that authentication workflow - that would require the SWA implementor to explore custom authentication options.
For instance - if AAD is used, the SWA can configure the types of accounts that can sign in and streamline the login process for trusted organizations.
Does this help? If not, perhaps you can give me an example use case and I'd be happy to follow up :-)
I'm thinking of the OAuth 2.0 Client Credentials flow.
Say my Azure Static Web App has a connected Azure AD, an Azure AD B2C provider, or is there a built-in identity provider?
External Service B wants to access Static Web App API A:
Authorization HTTP request header for Static Web App API A?
We currently only support browser logins for authentication. We do not have support for service to service auth, or any form of token validation.
Thank you for clarifying and once again thank you for this article. The role assignment by Function is interesting 👀
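Added example, not written by anyone in this thread: a role check an API function behind a route restricted to the "authenticated" role can run on the `x-ms-client-principal` header, which Static Web Apps sets to base64-encoded JSON describing the browser-signed-in user. The function names, the sample principal, the bearer value and the plain object of lowercase header names are assumptions made for illustration. A caller that sends only an Authorization header gets 401 here, in line with the reply that tokens are not validated.

```javascript
// Added example: defense-in-depth role check inside a Static Web Apps API function.
const REQUIRED_ROLE = "authenticated";

// Decode the x-ms-client-principal header; return null when it is missing or malformed.
function parseClientPrincipal(headerValue) {
  if (typeof headerValue !== "string" || headerValue.length === 0) return null;
  try {
    const json = Buffer.from(headerValue, "base64").toString("utf8");
    const principal = JSON.parse(json);
    // A usable principal must carry a list of roles.
    if (!principal || !Array.isArray(principal.userRoles)) return null;
    return principal;
  } catch {
    return null; // not valid JSON after decoding
  }
}

// Decide the HTTP status for a request. `headers` is assumed to be a plain
// object keyed by lowercase header name. The Authorization header is never
// consulted: a bearer token alone does not identify the caller.
function authorize(headers, requiredRole = REQUIRED_ROLE) {
  const principal = parseClientPrincipal(headers["x-ms-client-principal"]);
  if (!principal) return { status: 401, principal: null };
  if (!principal.userRoles.includes(requiredRole)) {
    return { status: 403, principal };
  }
  return { status: 200, principal };
}

// Constructed sample input: what a browser-signed-in user looks like to the API.
function encodePrincipal(principal) {
  return Buffer.from(JSON.stringify(principal), "utf8").toString("base64");
}
const signedIn = encodePrincipal({
  identityProvider: "aad",
  userId: "constructed-user-id",
  userDetails: "user@example.com",
  userRoles: ["anonymous", "authenticated"],
});

// Constructed sample input: an external service presenting only a bearer token.
const serviceCall = { authorization: "Bearer constructed.token.value" };

console.log(authorize({ "x-ms-client-principal": signedIn }).status);
console.log(authorize(serviceCall).status);
```

The header is only meaningful when the function is reached through the Static Web App itself, so this check complements the route rule rather than replacing it.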