In the comments it says you should use the Implicit Grant type.
- Identity micro service needs to redirect to AzureAD.
- You need the implicit Grant Type
- The authentication process happens on a login page on Azure AD OR on a web client that is implemented on the server side. You NEVER implement login pages on single page applications, you always redirect to a server side web page.
The identity micro service needs to treat AzureAD as an external provider and redirect your user to the login page that AzureAD offers. If this is the only way to log in you always do this redirect to the external provider, otherwise you can show the login page of the identity provider service with an option to use the Microsoft account.
AzureAD will then validate that the username/email and password exist and redirect back to your identity provider, which will in turn redirect back to the web page. The Bearer Token will be delivered with the redirection.
The bearer token is valid for a limited time so you also need to implement a refresh mechanism, you can implement this later.
All micro services that are registered to the identity provider in their “Startup.cs” class will be able to Authorize the validity of the bearer token against it.
When your web page calls any micro service that implements the [Authorize] tag in the header, that micro service will validate the bearer token with the identity provider, assuming it is registered with the Identity Provider (I would use IdentityServer 4).
I hope this helps
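As an added illustration (not code from the answer above), here is how both halves of that flow look in ASP.NET Core Startup.cs: IdentityServer 4 registering Azure AD as an external OpenID Connect provider, and a separate micro service validating the resulting bearer tokens behind [Authorize]. The tenant id, app id, secret, the `orders.api` scope and the `identity.example` host are placeholders, and the external provider is configured with the authorization code response type rather than the implicit `id_token` response the answer describes.

```csharp
using IdentityServer4;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
// Identity micro service: IdentityServer 4 with Azure AD registered as an external provider.
// Configure(): app.UseRouting(); app.UseIdentityServer(); app.UseAuthorization(); app.UseEndpoints(...)
public class IdentityStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddIdentityServer()
            .AddDeveloperSigningCredential() // dev only; persist a real signing key in production
            .AddInMemoryIdentityResources(new IdentityResource[] { new IdentityResources.OpenId(), new IdentityResources.Profile() })
            .AddInMemoryApiScopes(new[] { new ApiScope("orders.api") }) // assumed scope name
            .AddInMemoryApiResources(new[] { new ApiResource("orders.api") { Scopes = { "orders.api" } } }) // puts aud=orders.api in tokens
            .AddInMemoryClients(new[] { new Client { ClientId = "spa", AllowedGrantTypes = GrantTypes.Code, RequirePkce = true,
                RequireClientSecret = false, RedirectUris = { "https://spa.example/callback" }, AllowedScopes = { "openid", "profile", "orders.api" } } });

        services.AddAuthentication().AddOpenIdConnect("aad", "Microsoft account", options =>
        {
            // Azure AD signs the user into IdentityServer's external cookie; the SPA never hosts a login page.
            options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
            options.SignOutScheme = IdentityServerConstants.SignoutScheme;
            options.Authority = "https://login.microsoftonline.com/<TENANT-ID>/v2.0"; // placeholder tenant
            options.ClientId = "<AAD-APP-ID>";         // placeholder, from the Azure AD app registration
            options.ClientSecret = "<AAD-APP-SECRET>"; // placeholder, load from a secret store
            options.ResponseType = "code";             // assumption: code flow; the implicit flow would use "id_token"
            options.CallbackPath = "/signin-aad";      // must match a redirect URI registered in Azure AD
        });
    }
}
// Every other micro service: its Startup.cs validates bearer tokens issued by the identity micro service.
// Configure(): app.UseRouting(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(e => e.MapControllers());
public class OrdersApiStartup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.AddAuthentication("Bearer").AddJwtBearer("Bearer", options =>
        {
            options.Authority = "https://identity.example"; // assumed URL; issuer and signing keys are read from its discovery document
            options.Audience = "orders.api";                // reject tokens minted for a different API
        });
    }
}
[ApiController, Route("orders")]
public class OrdersController : ControllerBase
{ [HttpGet, Authorize] public IActionResult Get() => Ok(User.Identity?.Name); } // no valid bearer token -> 401
```

With `Authority` set, the JWT bearer handler checks the token's signature, issuer, audience and expiry itself, so the API only needs the identity micro service's discovery document, not a call per request.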