问题
I have developed a Sharepoint Webpart. The aim of this component is simple, authenticate the user in an external website that is embedded inside de Sharepoint. The external website uses Azure AD to login the users.
The problem that I have is the following. I know how to get obtain an access token, and the component works fine, with a great security leak.
This is that I have
public render(): void {
token="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
<iframe img src="https://www.example.org/oauthCallback.html?token="+token/>
}
For this reason, I'm trying to change for something like:
public render(): void {
<iframe img src="Azure redirection"/>
}
Azure redirection -> verify the user context with Azure AD -> redirect the callback to https://www.example.org/oauthCallback.html
I want securize this process with Azure AD, but I don't know how to do.
Any idea?
Regards
回答1:
I have never encountered such scenario. We usually will protect an website with Azure AD and login window popup when access the website. Or protect an webapi with Azure AD, then access the api with access token provided in an client part. Here is the sample of spa.
来源:https://stackoverflow.com/questions/60754927/how-to-securize-redirection-with-azure-ad-in-a-webpart