Connection between frontend, middletier and database using AAD tokens in Azure


I am trying to set up two app services (frontend and middletier) and a MySQL database in Azure. I would like to set up the following scenario:

  1. User authenticates to the frontend app using Azure AD.
  2. The frontend app fires a REST call to the middletier.
  3. The middletier gets the data from the MySQL database and sends it to the frontend.

I want to authenticate the user once (by the frontend) and use the same token to authenticate to the middletier and the database. I am using Java with Spring for development. I found a tutorial which explains the OAuth token authentication from the frontend to the middletier, but it does not explain how the same token can be used to connect to the MySQL database for each user of the application.

Has someone tried this before? And could someone give an overview of the best approach in this scenario?


There is 1 best solution below


You can acquire an access token for your middle tier and then exchange it (using the middle tier) for an access token for your MySQL database using the OBO flow. Your middle tier app registration can be used for both WebAPI A and B described in the link.
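
The exchange described in the answer above, sketched as an added example (not code from the original post or from Microsoft). The class name, the environment variable names, the v2.0 token endpoint, and the MySQL scope value are assumptions to confirm against your tenant and server type; the incoming user token is assumed to have already been validated by the middle tier.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.*;
import java.util.stream.Collectors;

public class OboTokenExchange {
    // Assumed scope for Azure Database for MySQL; confirm it for your server type.
    static final String MYSQL_SCOPE = "https://ossrdbms-aad.database.windows.net/.default";
    // Simplified extraction of access_token; use a JSON library in production code.
    static final Pattern ACCESS_TOKEN = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"");

    // Builds the form body of the on-behalf-of request (OAuth 2.0 JWT bearer grant).
    static String oboForm(String clientId, String clientSecret, String userToken) {
        Map<String, String> f = new LinkedHashMap<>();
        f.put("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
        f.put("requested_token_use", "on_behalf_of");
        f.put("client_id", clientId);
        f.put("client_secret", clientSecret);
        f.put("assertion", userToken); // token sent by the frontend; its audience must be the middle tier
        f.put("scope", MYSQL_SCOPE);
        return f.entrySet().stream()
                .map(e -> e.getKey() + "=" + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Exchanges the caller's token for a database token; never log either token.
    static String exchange(String tenantId, String clientId, String clientSecret, String userToken) throws Exception {
        HttpRequest req = HttpRequest.newBuilder(
                URI.create("https://login.microsoftonline.com/" + tenantId + "/oauth2/v2.0/token"))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(oboForm(clientId, clientSecret, userToken)))
                .build();
        HttpResponse<String> res = HttpClient.newHttpClient().send(req, HttpResponse.BodyHandlers.ofString());
        Matcher m = ACCESS_TOKEN.matcher(res.body());
        if (res.statusCode() != 200 || !m.find()) {
            // Fail closed, for example when consent or MFA is still required for the user.
            throw new IllegalStateException("OBO exchange failed, HTTP " + res.statusCode());
        }
        return m.group(1);
    }

    public static void main(String[] args) throws Exception {
        String dbToken = exchange(System.getenv("AZURE_TENANT_ID"), System.getenv("AZURE_CLIENT_ID"),
                System.getenv("AZURE_CLIENT_SECRET"), args[0]); // args[0]: the user's bearer token
        System.out.println("Received database token of length " + dbToken.length());
    }
}
```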