Overview
This article outlines a high-level design of authentication and
authorization options in Azure for a typical single-page application (SPA)
use case in which the client interacts with multiple microservices. It
compares the API gateway pattern with direct client-to-API communication
in a microservices environment.
Use Case
A user should be able to request the following information:
- User profile via Azure Graph API.
- User documents via SharePoint Online API.
- Aggregated data from two other internal systems.
                +----------------------+
            +-> | Azure Graph API      |
            |   +----------------------+
+---------+ |   +----------------------+
| browser |-+-> | Azure SharePoint API |
+---------+ |   +----------------------+
            |   +----------------------+     +--------+
            +-> | App API              |---> | API #1 |
                +----------------------+     +--------+
+---------------------------+         |      +--------+
|Microsoft Identity Platform|         +----> | API #2 |
+---------------------------+                +--------+