Update Authentication to use local storage and easy auth refresh (#1117)

* switch to localstorage; add refresh * run prettier * fix tests --------- Co-authored-by: Matt Gotteiner <magottei@microsoft.com>
Azure-Samples · Jan 9, 2024 · 0b8724a · 0b8724a
1 parent e518ab0
commit 0b8724a
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 15 deletions.
diff --git a/app/backend/core/authentication.py b/app/backend/core/authentication.py
@@ -65,9 +65,11 @@ def get_auth_setup_for_client(self) -> dict[str, Any]:
  "navigateToLoginRequestUrl": False, # If "true", will navigate back to the original request location before processing the auth code response.
  },
  "cache": {
- "cacheLocation": "sessionStorage",
+ # Configures cache location. "sessionStorage" is more secure, but "localStorage" gives you SSO between tabs.
+ "cacheLocation": "localStorage",
+ # Set this to "true" if you are having issues on IE11 or Edge
  "storeAuthStateInCookie": False,
- }, # Configures cache location. "sessionStorage" is more secure, but "localStorage" gives you SSO between tabs. # Set this to "true" if you are having issues on IE11 or Edge
+ },
  },
  "loginRequest": {
  # Scopes you add here will be prompted for user consent during sign-in.

diff --git a/app/frontend/src/authConfig.ts b/app/frontend/src/authConfig.ts
@@ -3,6 +3,7 @@
 import { IPublicClientApplication } from "@azure/msal-browser";
 
 const appServicesAuthTokenUrl = ".auth/me";
+const appServicesAuthTokenRefreshUrl = ".auth/refresh";
 const appServicesAuthLogoutUrl = ".auth/logout?post_logout_redirect_uri=/";
 
 interface AppServicesToken {
@@ -88,18 +89,24 @@ export const getRedirectUri = () => {
 // Get an access token if a user logged in using app services authentication
 // Returns null if the app doesn't support app services authentication
 const getAppServicesToken = (): Promise<AppServicesToken | null> => {
- return fetch(appServicesAuthTokenUrl).then(r => {
+ return fetch(appServicesAuthTokenRefreshUrl).then(r => {
  if (r.ok) {
- return r.json().then(json => {
- if (json.length > 0) {
- return {
- id_token: json[0]["id_token"] as string,
- access_token: json[0]["access_token"] as string,
- user_claims: json[0]["user_claims"].reduce((acc: Record<string, any>, item: Record<string, any>) => {
- acc[item.typ] = item.val;
- return acc;
- }, {}) as Record<string, any>
- };
+ return fetch(appServicesAuthTokenUrl).then(r => {
+ if (r.ok) {
+ return r.json().then(json => {
+ if (json.length > 0) {
+ return {
+ id_token: json[0]["id_token"] as string,
+ access_token: json[0]["access_token"] as string,
+ user_claims: json[0]["user_claims"].reduce((acc: Record<string, any>, item: Record<string, any>) => {
+ acc[item.typ] = item.val;
+ return acc;
+ }, {}) as Record<string, any>
+ };
+ }
+
+ return null;
+ });
  }
 
  return null;

diff --git a/tests/test_authenticationhelper.py b/tests/test_authenticationhelper.py
@@ -80,7 +80,7 @@ def test_auth_setup(mock_confidential_client_success):
  "postLogoutRedirectUri": "/",
  "navigateToLoginRequestUrl": False,
  },
- "cache": {"cacheLocation": "sessionStorage", "storeAuthStateInCookie": False},
+ "cache": {"cacheLocation": "localStorage", "storeAuthStateInCookie": False},
  },
  "loginRequest": {
  "scopes": [".default"],
@@ -104,7 +104,7 @@ def test_auth_setup_required_access_control(mock_confidential_client_success):
  "postLogoutRedirectUri": "/",
  "navigateToLoginRequestUrl": False,
  },
- "cache": {"cacheLocation": "sessionStorage", "storeAuthStateInCookie": False},
+ "cache": {"cacheLocation": "localStorage", "storeAuthStateInCookie": False},
  },
  "loginRequest": {
  "scopes": [".default"],