Azure AD SSO with XANO APIs

Hi, I am going to use XANO APIs as my backend application, but I am using Azure AD single sign-on with my existing application. How can I inject Azure AD token authentication login in XANO to authenticate each XANO API request? Thanks

Answers

  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭

    More than one answer, but the most common process I see is to use the login process in MS Graph API to get an ID Token, and then make an endpoint in Xano that redeems the ID token for a Xano access token. That way, from there on out you can use Xano built-in auth without a weak point in your authentication chain.

  • Yousuf
    Yousuf Member

    Thanks @Ray Deck for your kind reply. Can you please share any reference guide page that will really help to implement what you said above? Thanks again

  • Yousuf
    Yousuf Member

    I am using an Angular app as front end and using Azure AD user flow to log in interactively, and after the successful login I want to use XANO APIs.

  • Ray Deck
    Ray Deck Trusted Xano Expert ✭✭✭

    Here's the documentation from MSFT on ID tokens and their validation: https://learn.microsoft.com/en-us/azure/active-directory/develop/id-tokens

    As for the connection with Xano, it's always a little different based on the use case, but we've done this pattern before multiple times in State Change office hours, including a deeper dive on making the connection with Google auth which is basically the same flow. Those session recordings are available to our members, as are the office hour slots themselves to work the problem.

  • Yousuf
    Yousuf Member
    edited June 2023

    No developer help from #XANO available? I would appreciate it if you can share any reference document or blog link that can help me.

  • Lachlan
    Lachlan Administrator

    Hi there Yousuf,

    As Ray mentioned the following workflow could be a suitable option:

    You will need to decode the token that you receive from AzureAD in your Xano endpoint.

    Here's a general idea of how the validation process might work.

    1. Decode the ID Token: The ID Token is a JSON Web Token (JWT) that is base64 encoded. The first step is to decode this token, which will give you a JSON object.
    2. Check the Signature: Xano provides built-in functionality to decode and verify JWTs. You can use the jwt_decode function in Xano to decode the token and verify its signature. This function takes the token and the secret key as input and returns the decoded token if the signature is valid. The secret key is used to verify the signature of the token.
    3. Check the Claims: The payload of the token contains several claims, which are pieces of information about the user and the token. You would check these claims to validate the token. Some of the claims you might check include:
      • iss (issuer): This should be Azure AD.
      • aud (audience): This should be your application.
      • exp (expiration time): The current time should be before this time.
      • nbf (not before): The current time should be after this time.
      • iat (issued at): The token should not be accepted if it was issued too far in the past.
    4. Associate the User: If the token is valid, you would then associate the user in the token with a user in your application. This might involve checking the sub (subject) claim, which is a unique identifier for the user, and looking up this user in your database.

    Please note that this is a simplified explanation and the actual implementation might be more complex. Also, the specific claims in the token might vary depending on how Azure AD is configured. You should refer to the Azure AD documentation for more details as Ray mentioned. I would also recommend checking out Statechange.ai if you are needing more hands-on help with Xano.