Securing redirection in WebPart using Azure AD: Best practices

I've successfully created a Sharepoint Webpart with a straightforward goal: authenticate users on an external website embedded within Sharepoint. This external site utilizes Azure AD for user logins.

However, my current implementation has a significant security flaw. While I can easily obtain an access token and the component functions as expected, there is a vulnerability in the code:

public render(): void {
   token="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
   <iframe img src="https://www.example.org/oauthCallback.html?token="+token/> 
}

Therefore, I am exploring the option to change it to something like this:

public render(): void {
   <iframe img src="Azure redirection"/>
}

With "Azure redirection" handling user context verification with Azure AD and redirecting callbacks to , I aim to secure the process. However, I am unsure about how to proceed.

Any suggestions or insights would be greatly appreciated.

Best regards

typescriptazuresharepointazure-active-directoryazure-functions

Answer №1

My experience has never involved encountering such a scenario. Typically, we secure a website using Azure AD and a login window popup when attempting to access the site. Alternatively, we may secure a webapi with Azure AD, and then access the api using the access token provided in the client portion. You can find an example of a single page application here.

Similar questions

If you have not found the answer to your question or you are interested in this topic, then look at other similar questions below or use the search

Manipulate the elements within an array, make changes, and then insert

In the array called newData, I am trying to add one more element with Rank 1. However, the issue is that the Rank value is getting updated for both records. The desired behavior is to have Rank set to 1 for the second record and have the first record' ...

javascripttypescript

Is it possible for TypeScript to automatically determine the specific type that was used in a union type parameter?

I need some help with a utility function I'm working on that can remove a specified number of elements from either a string or an array. My goal is to have the compiler determine whether the return value should be a string or an array based on what is ...

typescript

Managing Visual Studio Code Extension Intellisense: A Guide

I am looking to create an extension I recommend using "CompletionList" for users. Users can trigger completion by running "editor.action.triggerSuggest" The process of my extensions is as follows: Users input text If they press the "completion command," ...

javascripttypescriptvisual-studio-codevscode-extensions

Invoke the method saved as a class attribute

Within my codebase, there exists a class named Process. This class has a constructor that takes in a type of object () => void. Initially, everything seemed to be working perfectly fine when I passed this object into the class. However, issues arose whe ...

typescriptscreeps

What is the process for consumers to provide constructor parameters in Angular 2?

Is it possible to modify the field of a component instance? Let's consider an example in test.component.ts: @Component({ selector: 'test', }) export class TestComponent { @Input() temp; temp2; constructor(arg) { ...

javascriptangularjstypescriptangular

Pattern Matching for Excluding Multiple Specific Phrases

I need to restrict what a user can enter into a field based on previous entries that are already in the system. For instance, the user has already entered these values into the database: ["typescript", "C#", "python"] If they type one of these existing ...

regexangulartypescript

Converting an array of objects into a dictionary using TypeScript

I'm attempting to convert an array of objects into a dictionary using TypeScript. Below is the code I have written: let data = [ {id: 1, country: 'Germany', population: 83623528}, {id: 2, country: 'Austria', population: 897555 ...

javascripttypescriptdictionarycollectionshashmap

Implementing basic authentication with AWS Lambda and Application Load Balancer

A few days ago, I sought assistance on implementing basic-authentication with AWS Lambda without a custom authorizer on Stack Overflow. After receiving an adequate solution and successfully incorporating the custom authorizer, I am faced with a similar cha ...

node.jstypescriptaws-lambdaaws-application-load-balancer

Understanding the mechanism behind how the import statement knows to navigate to the package.json file

I find myself stuck in bed at the moment, and despite numerous Google searches with no clear answers, I have chosen to seek help here. Could someone please clarify how scoping works when using import in TypeScript and determining whether to check the pack ...

javascripttypescriptnpmimport

Simultaneously, the installation and build process of a JS application pipeline (utilizing Express for the server and Create-React-App for the client

Issue: My project consists of a server (Express Server for file uploading and deleting) and client (Front End Create-React-App). The structure of the project is as follows: Root Folder With Server Client Folder Each folder has its own package.json. Serv ...

node.jsazureexpressazure-pipelinescreate-react-app

What steps can be taken to effectively build a test suite architecture using Jest?

After exploring all the available resources on the Jest documentation website, including various guides and examples, I have yet to find a solution to my specific question. I am in search of a methodology that would enable me to individually run test case ...

javascriptnode.jstypescriptunit-testingjestjs

Transforming JSON into object instances with Angular

I am facing an issue in my Angular application where I need to convert a JSON object into an array. Although the mapping process is successful, the data within the array does not retain the properties and methods of my original object class. This hinders m ...

angulartypescript

Bug in auto compilation in Typescript within the Visual Studios 2015

Currently, I am utilizing Visual Studio Pro 2015 with auto compile enabled on save feature. The issue arises in the compiled js file when an error occurs within the typescript __extends function. Specifically, it states 'Cannot read property prototyp ...

visual-studiotypescriptvisual-studio-2015

Guide to creating a Map with typescript

I've noticed that many people are converting data to arrays using methods that don't seem possible for me. I'm working with React and TypeScript and I have a simple map that I want to render as a list of buttons. Here is my current progres ...

javascriptarraysreactjstypescriptrendering

I am a beginner in the world of Typescript/Angular, and I have encountered a compiling error TS2339. It seems that even when the condition *ngIf="x.length > 0;" should be false, the

I'm currently enrolled in a Typescript/Angular course where I am learning about the implementation of "*ngIf". During one of the lessons, the instructor provided an example using an empty array to demonstrate how it fails the condition and results in ...

htmlangularangularjstypescript

Utilize an array of observables with the zip and read function

I'm struggling with putting an array of observables into Observable.zip. I need to create a function that reads values from this dynamically sized array, but I'm not sure how to go about it. Does anyone have any suggestions? import {Observable} ...

angulartypescriptrxjs

What is the best approach to creating an array within my formgroup and adding data to it?

I have a function in my ngOnInit that creates a formgroup: ngOnInit() { //When the component starts, create the form group this.variacaoForm = this.fb.group({ variacoes: this.fb.array([this.createFormGroup()]) }); createFormGroup() ...

angulartypescript

Discovering all the specifics of a data type within VSCode's popup feature by hovering over a variable

Hovering over a TypeScript variable in VSCode displays the type definition in a popup. However, for complex types, the popup may not show the full definition and instead use an ellipsis to shorten it. Is there a way to view the entire type definition? ...

typescriptvisual-studio-code

The 'MutableRefObject<null>' type is lacking the following properties that are present in the 'Element' type

I'm eager to implement intersection observer in my React Typescript project. (https://www.npmjs.com/package/react-intersection-observer) However, I encountered an issue with setting the root: const root = useRef(null); const { ref, inView, entry } ...

reactjstypescriptreact-intersection-observer

Encountering a module not found error when attempting to mock components in Jest unit tests using TypeScript within a Node.js

I'm currently in the process of incorporating Jest unit testing into my TypeScript-written Node.js application. However, I've hit a snag when it comes to mocking certain elements. The specific error I'm encountering can be seen below: https ...

node.jstypescriptunit-testingts-jesthapi.js