February 2019 Blog Posts

All blog posts that were published in February 2019. To view posts from other months, use the archive control in the right-hand sidebar to pick the specified month from the specified year.

Microsoft MVP Logo

Leverage Custom Permissions in Azure AD Applications

Wednesday, February 20, 2019 9:42 AM

In my last post, Securing an Azure Function App with Azure AD - Works with SharePoint Framework!, I showed how you can secure a REST API deployed as an Azure Function App using Azure Active Directory (AzureAD). This comes in quite handy when you want to secure some custom server-side business logic that”s called from a SharePoint Framework (SPFx) client-side solution. The SPFx docs show how to use APIs with permissions to the Microsoft Graph. This post will explain how to add custom permissions to the AzureAD application that is used to secure your Azure Function.

Read More

Validating Azure AD Generated OAuth Tokens

Wednesday, February 20, 2019 9:30 AM

If you create an application or API that is secured with Azure AD, you are likely going to require a consumer of your application to provide an OAuth access token in order to access your application or API. The caller would have to obtain this token from Azure AD by first authenticating with Azure AD and then request a token for your application. But anyone can create an OAuth access token. It”s just a JSON object that has a set schema and then base64 encoded. There”s nothing secure about it.What legitimizes its use as a security token is that the creator of the token digitally signs the token with a public-private key pair. The creator of the token uses their private key and includes the result in the OAuth access token in the JWT (JavaScript Web Token) format. If you”ve elected to use Azure AD to secure your REST API, you have established a trust with Azure AD.

Read More

Securing an Azure Function App with Azure AD - Works with SharePoint Framework!

Monday, February 18, 2019 9:30 AM

I recently published a new chapter in my Mastering the SharePoint Framework on-demand course for developers that included a section that showed how to call a REST API deployed using an Azure Function App and secured with Azure AD from the SharePoint Framework. When I was working on this chapter, it felt like the process of configuring an Azure Function App to be secured with Azure AD was harder and more complex than it should have been. Specifically, some of the things you do aren’t explained as well… so I decided to blog about it here!

Read More