I am developing a RESTful application with nodejs in the backend with express.js as middleware. I am also developing a client in Reactjs.
I want to use an external authentication service (LDAP/AD/ADFS) to authenticate the user to the data supplied by the API.
What I don't understand is how the authentication flow is supposed to be designed.
My initial idea was to redirect the client to the auth service, acquire a token and store it in the clients browser. With this token the client can then send it to the backend and verify the token with the auth service and supply the data if the user can access it.
This though, seems to not be the way it should work and I don't know how to do it. I searched the web but only found auth solutions for either react or nodejs+express, nothing that describes the combination of them.
What is the recommended flow? How can I auth someone with react, node and an external auth service?
