Correct flow of authentication in Flask API and Angular frontend
Hello,
I have an Angular SPA as the frontend of an API written with Flask. I want to protect my API with login using the Microsoft accounts of my organization.
What is the best way to do that?
I tried to authenticate in Angular and then send the authentication token to the API, but I don't know if it is safe. In addition, I need role-based authorization (set up in the Azure application), but I found that the information is only in the id_token and not in the authentication token. I read in the documentation that authentication with the id_token is to be avoided because it is not secure. How can I do this?
Thanks for the reply,
Alberto