.NET developer blog

Pass user’s identity and authorization from a client application to a web API to another web API using OAuth 2.0 On-Behalf-Of flow.

Published October 20, 2019 in Angular , ASP.NET core , Azure , Azure Active Directory , OAuth2 , OpenID Connect , security - 7 Comments

A few months ago, I gave an overview of the libraries I use to implement OpenID Connect implicit flow in an angular app, and On-Behalf-Of (OBO) flow in ASP.NET core backend APIs. You can checkout this post for more info. In that post, I talk about the security flow from the angular app to the downstream APIs. The angular app communicates only with a single backend API which acts as a gateway that forwards the requests from to other downstream APIs.

Obtaining access token from angular app to gateway via implicit flow to downstream API via on-behalf-of flow

In this post, I go over the details of obtaining an access token via the OBO flow to call protected endpoints from a web API (which I refer to as the gateway in this post) to another web API .

Tags: api gateway , implicit flow , Microsoft Identity Platform , on-behalf-of flow , web api security

Tag Archives for " api gateway "

Pass user’s identity and authorization from a client application to a web API to another web API using OAuth 2.0 On-Behalf-Of flow.