To use authentication with Azure AD you need to do the following:
In hms-api
- Copy `public_key-example` and rename it to `public_key`. Add your Azure AD application's public key to the `public_key` file. See the section Azure AD Public Key for how to get the public key.
- Copy `secrets-example.json` and rename it to `secrets.json`. Add the respective Azure AD details to the `secrets.json` file.
- In `serverless.yml`, under `provider` > `environment`, make sure `AUTHORIZER_TYPE` is set to `ACTIVE_DIRECTORY`. If you want to use no authentication, set it to `ALWAYS_PASS`.
In hms-app
- Copy `.env-example` and rename it to `.env`. Add your Azure AD application's account ID and redirect URL.
- Set `REACT_APP_USE_AZURE_AUTH` to `true` in `.env`.
This article gives a good introduction to how to obtain the public key.
In a nutshell:
- Go to https://developer.microsoft.com/de-DE/graph/graph-explorer and log in.
- Find a JWT token in localStorage whose key is `clientInfo` (it might also be `credentialType:"AccessToken"`).
- Copy the JWT token to https://jwt.io/ and take the decoded `kid`.
- Go to https://login.microsoftonline.com/common/discovery/keys. The `x5c` value for the `kid` in your JWT token is the public key.
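
The lookup in the last two steps, as an added example that is not the project's own code: it decodes the token header locally (so the token does not have to be pasted into a third-party site), finds the matching `kid` in a key set shaped like the discovery document, and wraps the `x5c` value (a base64-encoded X.509 certificate) as PEM. The token, key set and function names are constructed for illustration, and whether `public_key` expects PEM or the raw `x5c` string is an assumption the page does not settle.

```javascript
// Added example with constructed data; not code from hms-api or hms-app.

// Decode one base64url JWT segment to an object (no signature check is done here).
function decodeSegment(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Read `kid` from the token header, the same value jwt.io shows after decoding.
function kidFromToken(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const header = decodeSegment(parts[0]);
  if (typeof header.kid !== 'string') throw new Error('JWT header has no kid');
  return header.kid;
}

// Find the key-set entry for `kid` and wrap its first x5c value as a PEM certificate.
function pemForKid(keySet, kid) {
  const entry = (keySet.keys || []).find((k) => k.kid === kid);
  if (!entry) throw new Error(`kid ${kid} not found in key set`);
  if (!Array.isArray(entry.x5c) || !entry.x5c[0]) throw new Error('entry has no x5c');
  const body = entry.x5c[0].match(/.{1,64}/g).join('\n');
  return `-----BEGIN CERTIFICATE-----\n${body}\n-----END CERTIFICATE-----\n`;
}

// Constructed sample input: a token header/payload and a two-entry key set.
// The x5c strings are placeholders, not real certificates.
const toB64Url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const SAMPLE_JWT = [
  toB64Url({ typ: 'JWT', alg: 'RS256', kid: 'example-kid-2' }),
  toB64Url({ sub: 'constructed-user' }),
  'c2lnbmF0dXJl',
].join('.');
const SAMPLE_KEY_SET = {
  keys: [
    { kty: 'RSA', use: 'sig', kid: 'example-kid-1', x5c: ['TUlJ' + 'A'.repeat(96)] },
    { kty: 'RSA', use: 'sig', kid: 'example-kid-2', x5c: ['TUlJ' + 'B'.repeat(96)] },
  ],
};

console.log(pemForKid(SAMPLE_KEY_SET, kidFromToken(SAMPLE_JWT)));
```

A `kid` that is missing from the key set raises an error instead of falling back to another entry, so a token signed with a different key is not silently matched to the wrong certificate.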