azure - Why azure-active-directory-spring-boot-starter needs access to Microsoft?
Problem description
I am using the new msal.js for Single Page Applications (https://www.npmjs.com/package/@azure/msal-browser). The good news is I got it all working! So after logging in to Azure AD I get redirected to my app with an access code, and with that code msal is getting accesstoken/refreshtoken/idtoken from the azure code.
After this I am using the accesstoken to access my own web API that is hosted on my own on-premise server. I am using Spring Boot in combination with azure-active-directory-spring-boot-starter. This all works fine too.
My question is: My server is contacting Microsoft every time there is a request to the server.... why is this? It has got the JWT token from the request, the server knows clientid & client secret, so why does it still need to contact Microsoft? What is it doing/verifying? If I close the outgoing access to the Internet it is complaining "Couldn`t retrieve remote JWK set: connect timed out". So it looks like it is mandatory...
Could anybody explain how this is working? Besides this, does anybody know what range of ports needs to be opened to Microsoft?
Thanks in advance for your help!
Regards,
Peter
Solution
That network call is used to acquire the keys needed to verify the JSON Web Tokens.
More: https://github.com/microsoft/azure-spring-boot/issues/802#issuecomment-571076721
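What a resource server does with those keys, as an added example (not code from azure-active-directory-spring-boot-starter or from the posts above): JDK-only Java that verifies an RS256 token against a JWK set and fetches the set only when it meets an unknown `kid`. The class name, the `demo-kid` value, the in-memory supplier standing in for the HTTPS fetch of the JWK set, and the generated key pair are all constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.RSAPublicKeySpec;
import java.util.*;
import java.util.function.Supplier;
import java.util.regex.*;

public class JwkCacheDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();
    static final Map<String, PublicKey> cache = new HashMap<>(); // kid -> verification key
    static int fetches = 0;                                      // simulated outbound calls
    // Returns the key for a kid; asks the issuer (the supplier) only on a cache miss.
    static PublicKey keyFor(String kid, Supplier<Map<String, String[]>> jwks) throws Exception {
        if (!cache.containsKey(kid)) {
            fetches++;
            for (Map.Entry<String, String[]> j : jwks.get().entrySet()) { // value = JWK fields {n, e}
                RSAPublicKeySpec spec = new RSAPublicKeySpec(new BigInteger(1, DEC.decode(j.getValue()[0])), new BigInteger(1, DEC.decode(j.getValue()[1])));
                cache.put(j.getKey(), KeyFactory.getInstance("RSA").generatePublic(spec));
            }
        }
        if (!cache.containsKey(kid)) throw new SecurityException("unknown kid " + kid);
        return cache.get(kid);
    }
    static boolean verify(String jwt, Supplier<Map<String, String[]>> jwks) throws Exception {
        String[] p = jwt.split("\\.");
        if (p.length != 3) return false;
        String header = new String(DEC.decode(p[0]), StandardCharsets.UTF_8);
        Matcher kid = Pattern.compile("\"kid\"\\s*:\\s*\"([^\"]+)\"").matcher(header);
        // Pin the algorithm (string match stands in for a JSON parser); the token must not choose it.
        if (!header.contains("\"alg\":\"RS256\"") || !kid.find()) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(keyFor(kid.group(1), jwks));
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        return s.verify(DEC.decode(p[2]));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA"); g.initialize(2048);
        KeyPair kp = g.generateKeyPair();                        // constructed issuer key
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();
        Supplier<Map<String, String[]>> jwks = () -> Map.of("demo-kid", new String[] {ENC.encodeToString(pub.getModulus().toByteArray()), ENC.encodeToString(pub.getPublicExponent().toByteArray())});
        String body = ENC.encodeToString("{\"alg\":\"RS256\",\"kid\":\"demo-kid\"}".getBytes()) + "." + ENC.encodeToString("{\"sub\":\"peter\"}".getBytes());
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(kp.getPrivate());
        s.update(body.getBytes(StandardCharsets.US_ASCII));
        String jwt = body + "." + ENC.encodeToString(s.sign());
        System.out.println(verify(jwt, jwks) + " " + verify(jwt, jwks) + " fetches=" + fetches + " tampered=" + verify(jwt.replace(".ey", ".ez"), jwks));
    }
}
```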