Hi, you are welcome to another informative blog post of Impulz Technologies LLC. This is the second part of the series of blog posts in which I am going to explain how to fetch the data from the Dataverse in a single page application (Angular application in our case).
In the previous blog post I have explained the following:
- How to register an application in Microsoft Azure.
- How to setup API permissions in Microsoft Azure.
You can read the previous blog post from this link.
What you expect from this blog post?
In this second part of the blog posts series, I am going to explain how the Microsoft Azure Active Directory (Azure AD) authentication and authorization works and what are the available library/package options available from the Microsoft.
Accessing the resource like Dataverse web API from Azure, involves two steps – Authentication and Authorization.
Authentication vs Authorization
Authentication is the process of proving that you are who you say you are. This is achieved by verification of the identity of a person or device. Microsoft Azure AD uses OpenID Connect Protocol to authenticate the user or the device identity. Upon successful authentication the identity provider, which is Azure AD, is going to issue the identity token. The format of the identity token is JSON Web Token or simply JWT.
Authorization is the act of granting an authenticated party permission to do something. It specifies what data you’re allowed to access and what you can do with that data. The Microsoft Identity Platform uses OAuth 2.0 Protocol for the authorization. Upon successful authorization completion, Microsoft Azure AD issues the access token. The format of the access token is not standard.
There is a good tutorial exists on YouTube which explains the difference between Authentication and Authorization in the context of Azure as an identity platform.
The good is that Microsoft has developed and published a Microsoft Authentication Library which does the hard-work for you and the app developers don’t need to spend time in understanding the underlying protocols.
App types and Authentication Flows
There can be multiple types of application requiring authentication through Azure AD. Apps can be web applications hosted under a secure server environment, browser based app just like ours, mobile apps, desktop apps etc. Authentication and authorization can be performed using different flows for different application types.
In case of an Angular app, our browser is going to create a secure session with Azure AD and authenticate and authorized the Microsoft identity (corporate or school accounts in our case) to gain access to the Dataverse database.
MSAL-JS is a library available on JS package manager such as NPM. Through MSAL-JS we are going to perform the single sign-on of the user and fetch the ‘Accounts’ data from the Dataverse. First you need to install the MSAL-JS. You can install it through NPM by using the following command:
npm i @azure/msal-browser
In the next part and final part of this blog post series, I am going to explain the code layout and various configurations within the code. I am going to publish the final code on GitHub.
About Impulz Technologies LLC
Impulz Technologies, is a Silver Certified Microsoft Partner company. We specialize in the implementation, consulting and development of Microsoft Dynamics and Microsoft Power Platform. Impulz Technologies also provide staff augmentation services all across the US. For more information please contact us at 630-540-6302 or email us at firstname.lastname@example.org