Authentication Failed using SWADAB API

[suktvm]

I created 2 App registration one for API and one for Client

In API App Reg set the redirect url

and set the sope

In CLient App registration i created the certificate and give permission to API

i am using azure AD authentication my static web app contains 2 files

staticwebapp.config.json

staticwebapp.database.config.json

Can you give me more details on this . My aim to to generate the acceess token and get the api result in the below 2 steps .
my index.html file is blank with no code as this will be consumed as an API .

@JerryNixon
@yorek FYR

[seantleonard]

DAB hosted behind SWA needs to be accessed via SWA facilitated authentication. That means your front-end application needs to acquire an SWA Cookie/access token via SWA's /.auth endpoint (described here: https://learn.microsoft.com/azure/static-web-apps/authentication-authorization#set-up-sign-in). And then you'd proceed to have your front-end code call the backend data api.

While published a few years ago, this is the only known workaround for obtaining access tokens to back end SWA hosted APIs or Database Connections instances: https://www.aaron-powell.com/posts/2021-07-02-calling-static-web-apps-authenticated-endpoints/

It sounds like you may not have a front end app and just want to host DAB standalone to serve API requests. This use case is best served by deploying a Docker container into your preferred hosting environment and setting DAB's auth method to "AzureAD" or "EntraID", then your requests will be authenticated with that Identity provider.

[suktvm]

Thank you @seantleonard for the quick response .I will try this and get back to you in case of any challenges

[JerryNixon]

Use "AzureId" as we don't have "EntraId" synonyms released yet. #2407 @Aniruddh25

[suktvm]

Can we use Asp.net core web API for this purpose and host in azure app services

If this work is there any documentation available for this ?

[seantleonard]

That NuGet package is referencing the Data API builder CLI tool and not an SDK that can be used to build a project. Here is a reference to how to deploy a containerized DAB: https://learn.microsoft.com/azure/data-api-builder/deployment/

[suktvm]

@seantleonard

Thank you for the information , it worked . just one more clarification needed . My CLient app registration is having some roles and assigned to different user groups. when calling the API and X-MS-API-ROLE is passed with same role its works .

do we need to map the X-MS-API-ROLE to the value of the role coming in Token ?

how this should be implemented .?

what is the purpose of this X-MS-API-ROLE? if the token contains roles mention in config it shoud work right ?