We have created a function app in the main tenant. The function app is protected by an ADB2C instance which is linked to this main tenant.
What works:
- Calling a function (e.g. https://<myfunction-app>.azurewebsites.net/api/test) via a browser redirects to the ADB2C login. After a successful login the function runs correctly.
- Logging into the ADB2C tenant via Msal from an Angular app works. We get a token after login, and we get a token when calling a URI or function such as https://<myfunction-app>.azurewebsites.net/api/test
- These tokens can be visualized with https://jwt.ms and look fine.
What doesn't work:
- Calling a function in the function app with the token from Msal (e.g. this.http.get(https://<myfunction-app>.azurewebsites.net/api/test)...) returns a 401 error (unauthorized). The token is included in the HTTP header.
- Testing the function in the Azure portal and inserting the received token manually also returns a 401.
Summary
- Function app protection via ADB2C works
- Msal login in ADB2C works
It is only the path "Msal -> token -> function-app" which leads to a 401.
Has anyone successfully implemented the protection of a function/web app via ADB2C and Msal? Any hints where to look are most welcome.
Thank you.