Hi, I'm creating an application under Azure Functions using managed identity and importing in under APIM as API. Restricting it with managed identity, custom header and jwt-policy for token validation.
The users of my application will either come from mobile client or web client SPA. I don't want an Oauth2 consent screen for login or registration.
But under managed identity how I deal with request of reach user? Identity the unique token of each user's request and use it later to maintain the session life on Mobile App(s) or Web SPA.
I'm not sure what services I need to use to make this flow working. The thing which is clear is I want all users using my app(s) either mobile or web connected and calling my Function APP API's be going through APIM. And then, there is no user interaction involved in terms of consent or oauth flow etc.
Can somebody please guide me? For the right path what to use and when for this requirement. I have gone through many options. Azure B2C or B2b is not my option. It involves user consent.
Here is How it works right now:
On Previous Existing Infrastructure:
We are doing it with our own Symfony API's with JWT Authentication. Due to some business requirement we don't want the user to know if we have migrated from one Cloud to another. But also at the same time we are shifting from RESTful API's to Azure Functions for everything. That is why we want the user to be unaware of the changes we made and everything for them should work as is
In Azure Current I'm trying:
In Azure I have Configured Azure Functions under APIM with Managed Identity+ JWT-Validation. Which works fine. But rest of the confusion stays there. How do I have unique user tokens and sessions with that Azure setup etc.
Users will normally be supplying their Username/Password and then Hit the Request For Example Login. Then it hits the APIM, Which gets authenticated goes through Managed identity Policy and then it hits Functions Assigned Managed Identity. I get Token From Context Variable and pass it to JWT-Validation Policy and then. The next phase is confusing where to store token per User and how the next steps works?
Is this even possible to create such seamless experience while shifting the stack and underlying tech?