What is best solution for user registration? - reactjs

I have django-rest-framework backend and React frontend.
I want to use SSO (Single Sign-On).
JWT token will be used for registration and authentification.
What is the best approach for registration?
Using front-end in this case will make two requests to SSO for registration (getting JWT) and to back-end with data.
Front-end make only one request to back-end with data and registration will be there.

JSON webtokens works of registration.
there is an option to add Refresh tokens with JSON tokens but needs more work, secure
tokens against XSS attacks, then u r good to go :)


What is the authentification architecture based on Azure AD, React and NestJS?

I'm a bit confused because I read a lot about authentication in React apps and NestJS app with using Passport, passport-azure-ad, msal-react with two different Azure AD Apps. Where I authenticate the user in the React app and msal-lib and then using JWT to authenticate against my NestJS api backend.
But is that really necessary and best prectice if my react app is served through my NestJS app and the user auth via Passport to get the static files?
I plan to host the whole app (frontend and backend) later in an Azure App Service.
Hope you can give me hints how to setupg auth in my app.

Send emails on behalf of a user

We develop an app that sends mail on behalf of a user when some event occurs. We have SPA (react) that the user can log in with several emails and choose the sender depending on which event has occurred. Then, when the event occurs the server (python - fastAPI) side sends mail on behalf of the user who logged in from the spa (or the chosen one from a list). We succeeded to do it with gmail but we faced problems with azure ad.
Thats the steps we want to achieve:
The user connects to his Microsoft account from SPA (react).
The SPA sends the tokens to the server (fastApi).
The server requests the graph api for refreshToken.
We tried to use msal in the front-end but we only get access token because thats SPA. how can we obtain what we want to achieve?
We also tried to use the accessToken from back-end as a Web platform.
Is there a better way to do it?

Backing multiple IdPs behind FoxIDs IdP

We want to store users in the open source FoxIDs IdP combined with users located in Azure AD.
Is it possible to provide an additional IdP (Azure AD) for the FoxIDs IdP without the service provider (website) having to know that it is to ways login?
The setup:
We have a website using SAML 2.0 that interfaces towards FoxIDs.
Users are redirected to FoxIDs login.
Based on what email the user enters, they are (depending on the domain) either: Redirected to Azure AD or stays on FoxIDs where they authenticated with username/password.

How should I setup auth in a nodejs app?

I am currently developing a small application with a couple of endpoints in nodejs and an angularjs frontend.
At the moment I have an endpoint for users and another one for events. The thing is, I was thinking of making all the GET methods require auth, so that someone that isn't logged in can't access the system, for that I thought of using PassportJS.
Anyways, my question/s would be the following:
What auth strategy should I use? Basic, OAuth or another? Why would that be? I mean, I understand how their flow works, but I don't know why one or another would be appropiate for my app.
Should the endpoints require auth or should it check cookies/token or something else in the session? I'm completely new to this, so I don't even know if this question makes sense.
In any case, I would appreciate any overall insight in the topic since I don't have any experience in developing applications with auth and security.
You have to provide more details about your authentication needs in order for someone to give you a definitive answer to this broad question.
Based on your question, one can assume you don't have any requirements though, therefore I could suggest JWT (JSON Web Tokens - https://jwt.io/)
There are nodejs libraries that can help you create, decode, verify JWT tokens. (such as jsonwebtoken). You can find more details about it on github.
Once someone is logged in, you could pass this generated token back to the client which could store it in the browser's session.
The token can be used in subsequent requests by appending it in the request header.
On the server side, you can add a custom auth middleware to the routes that require authentication, which will verify the token's validity and call the next middleware for the current route.

Azure AD B2C with Angular 2

I believe Azure AD B2C is great and will lift a lot of weight for many devs. I have a few questions as I stubbornly try to get it in production on my personal apps as soon as possible.
Is it ok to use azure ad b2c with angular js as long as we are ok with the id_token expiring every hour and have to make users go back to AAD everytime?
If not, is it ok to just use the graph api with angular js? (might be a redundant question)
If our need is to just return claims and an id_token, Can we use azure ad b2c in production?
Any help/source code greatly appreciated.
1 -2 When the token expires it can be auto renewed without the user having to re-enter their credentials on Azure.
I don't see any reason why you shouldn't use Azure B2c in production. It is in general availability and production ready.
As Azure AD B2C is an implementation of Open ID you may benefit from getting an overview of Open ID. There are may resources on the internet. Here is a quick overview video.
