How to combine Authentication using Azure AD with username and Password stored in database?

You can make use of Authorization code flow or ROPC flow to generate the access token by signing in with the username and password.

• ROPC flow isn’t recommended by Microsoft due to security risk.
• Hence you can make use of Authorization code flow to generate access token for the user with all permissions and roles assigned to the user.

You need to register an application in Microsoft Entra and use token endpoints to generate access token if you are choosing Azure AD Authentication.

And grant permissions to the application (if you are using custom API, you can grant permission to custom API):

For sample, I granted Microsoft Graph API permission:

Generated auth code using below endpoint:

https://login.microsoftonline.com/TenantID/oauth2/v2.0/authorize?
&client_id=ClientID
&response_type=code
&redirect_uri=https://jwt.ms
&response_mode=query
&scope=https://graph.microsoft.com/.default
&state=12345

Sign in with the username and password:

Now generate the access token by using below parameters:

https://login.microsoftonline.com/TenantID/oauth2/v2.0/token

client_id:ClientID
scope:https://graph.microsoft.com/.default
grant_type:authorization_code
code:code
redirect_uri:RedirectURL
client_secret:ClientSecret

The above access token will contain the roles and permissions assigned to the user and you can perform actions that is access Azure resources and APIs based on your requirement.

• You can decode the access token in jwt.ms and check the scopes claim.

References:

Choose a Microsoft Graph authentication provider – Microsoft Graph | Microsoft

microsoft-authentication-library-for-js/lib/msal-react at dev · AzureAD/microsoft-authentication-library-for-js · GitHub by hectormmg