How to make Azure AD authorization flow from SPA to Spring Boot Rest service


We have a SPA that is protected with Azure AD. This seems to work fine, and users can authenticate ok.

We also have a Spring Boot REST service that is also secured by Azure AD. When we try to do a GET from e.g. Chrome, we get redirected to Azure for authentication, and then routed back to the REST service where we get the result.

But, when we try to call this rest service from SPA client, it does not work. Our client is running on http://localhost:5010/ and when we try to access the rest service, after the client itself successfully has authenticated against Azure, we just get a redirect to http://localhost:5010/login

This tells me that the REST service is not able to verify the client's authentication, but I don't understand why.

We use adal-angular4 in our SPA and adal4j in our spring boot server.

How can I make the rest service accept tokens from SPA client, without trying to re-authenticate rest service?

There are 1 best solutions below

According to the comment, you got these as headers:

Host: localhost:5010
Connection: keep-alive
Accept: application/json, text/plain, */*
X-XSRF-TOKEN: 1c35cf04-25a1-4c59-8429-6e48b8484ef3
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Referer: localhost:5010/vesselActivity
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9,nb;q=0.8
Cookie: XSRF-TOKEN=1c35cf04-25a1-4c59-8429-6e48b8484ef3

The only cookie is the XSRF cookie, so it seems you're lacking authorization headers in your client app.
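
The check the answer performs by eye, written as an added example (not part of the original answer, and not code from adal-angular4 or adal4j): it classifies a captured request by whether it carries an `Authorization: Bearer` header and goes one step further by inspecting the token's `exp` and `aud` claims. The function names, the `expectedAudience` parameter and the `api://sample-api` value used to exercise it are assumptions made for illustration.

```javascript
// Constructed sample: a subset of the request headers quoted in the answer above.
const CAPTURED = `Host: localhost:5010
Accept: application/json, text/plain, */*
X-XSRF-TOKEN: 1c35cf04-25a1-4c59-8429-6e48b8484ef3
Cookie: XSRF-TOKEN=1c35cf04-25a1-4c59-8429-6e48b8484ef3`;

// Parse "Name: value" lines into a map keyed by lower-cased header name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i > 0) headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return headers;
}

// Decode (NOT verify) a JWT payload for debugging; the API must still validate the signature.
function decodeClaims(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch (e) { return null; }
}

// Classify why a token-protected API would (or would not) treat the request as anonymous.
// expectedAudience is a hypothetical parameter: the identifier the API expects in "aud".
function diagnose(raw, expectedAudience, nowSeconds) {
  const auth = parseHeaders(raw).get("authorization");
  if (!auth) return "missing-authorization-header";
  const m = /^Bearer\s+(\S+)$/i.exec(auth);
  if (!m) return "not-a-bearer-token";
  const claims = decodeClaims(m[1]);
  if (!claims || typeof claims !== "object") return "malformed-jwt";
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) return "expired-or-missing-exp";
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAudience)) return "wrong-audience";
  return "bearer-token-present";
}

// Build an unsigned, constructed token to exercise diagnose(); no real API accepts it.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed`;
}
```

For the headers in the answer, `diagnose` returns `missing-authorization-header`: the request carries only the XSRF cookie, so the service has nothing to validate and falls back to its login redirect.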