I am trying to log in to my Java API backend app hosted in Azure and protected with Active Directory.
In this article I read to make this call for receiving the token:
GET https://login.windows.net/developertenant.onmicrosoft.com/oauth2/authorize?response_type=id_token&client_id=aeadda0b-4350-4668-a457-359c60427122&redirect_uri=https%3A%2F%2Flocalhost%3A44326%2F&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b&nonce=8b8385b9-26d3-42a1-a506-a8162bc8dc63 HTTP/1.1
But how to find out which state and which nonce to set for my own API backend app?
Just using the state and nonce from above example leads me to a response with a so-called flowToken. Is this the type of token I have to send as also stated in the referred article? See this part:
Location: https://localhost:44326/#id_token=eyJ0eXAiOiJKV1QiLC[SNIP]gu1OnSTN2Q2NVu3ug&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b&session_state=e4ec5227-3676-40bf-bdfe-454de9a2fdb2
I just would like to have a frontend app to securely connect to the backend app automatically without typing in user credentials.
Please do NOT tell me to use ADAL. Because that's what I already tried and what did not work. As you can see here.