passport-azure-oauth2
Passport strategy for authenticating with Azure OAuth 2.0 API, with prompt and state support.
Installation
npm install passport-azure-oauth2 --save
Usage
Create a module auth.js
:
/*jshint camelcase: false */
var AzureOAuth2Strategy = require("passport-azure-oauth2");
var jwt = require("jwt-simple");
var config = require("../config");
function AzureOAuthStrategy() {
this.passport = require("passport");
this.passport.use("provider", new AzureOAuth2Strategy({
clientID: config.clientID,
clientSecret: config.clientSecret,
callbackURL: config.callbackUri,
resource: config.resource,
tenant: config.tenant,
prompt: 'login',
state: false
},
function (accessToken, refreshtoken, params, profile, done) {
var user = jwt.decode(params.id_token, "", true);
done(null, user);
}));
this.passport.serializeUser(function(user, done) {
//console.log("profile : ", user);
done(null, user);
});
this.passport.deserializeUser(function(user, done) {
//console.log("profile : ", user);
done(null, user);
});
}
module.exports = new AzureOAuthStrategy();
;
Now plug this in like so:
var auth = require("./auth"),
var express = require("express")
var app = express();
app.use(auth.passport.initialize());
app.use(auth.passport.session());
app.get("/login", auth.passport.authenticate("provider", { successRedirect: "/" }));
app.get("/cb",
auth.passport.authenticate("provider", {
successRedirect: "/",
failureRedirect: "/login" }), function (req, res) { res.redirect("/"); });
###state
Simply plugin express-session
to enable session support, and set state: true
when creating your AzureOAuthStrategy
[Recommended] A randomly generated non-reused value that is sent in the request and returned in the response. This parameter is used as a mitigation against cross-site request forgery (CSRF) attacks. For more information, see Best Practices for OAuth 2.0 in Azure AD.
var session = require("express-session");
app.use( session({
secret: 'somesecret',
resave: true,
saveUninitialized : true
}));
###prompt
Simply set prompt: 'login'
when creating your AzureOAuthStrategy
[Optional] Indicate the type of user interaction that is required. Valid values are:
- login: The user should be prompted to re-authenticate.
- consent: User consent has been granted, but needs to be updated. The user should be prompted to consent.
- admin_consent: An administrator should be prompted to consent on behalf of all users in their organization.
Tests
npm test