We are actively working on a Javascript ADAL version, stay tuned!
ADAL.NET: Using it to authenticate using javascript
-
08-07-2023 - |
Question
I recently happen to find this library:
This is a wonderful tool that is able to abstract away a lot of complexities of authenticating against AAD.
I was wondering if it or any of it's known variations support authentication through Javascript.
Any help would be appreciated.
Solution
OTHER TIPS
There is another add-on that seems to be supported through AZURE called Auth0.
Auth0 offers, seemingly plug and play, distrubited Security Authorization by just filling in a few variables. The big downfall is the pricing. But in general, it seems like there is a nice way for raw javascript to authenticate.
1st: there are many libraries. You can check this to get started: http://adodson.com/hello.js/
2nd: Caution: it won't make much sense to have it from security point of view because of following reasons:
--> Since JavaScript will qualify under public client category therefore confidential client flow of OAuth code grant involving client secret is not possible (or better yet, doesn't make sense).
--> Your JavaScript will qualify for public client code flow. This will mean that you will expose at least your client ID and return URL to EVERYONE and this again isn't a good sign. Public clients are already weak in security and exposing client id will worsen it.
--> Also notice, you'll have cross site request issues.