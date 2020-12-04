Angular 4+ Adal wrapper package. Can be used to authenticate Angular applications against Azure Active Directory v1 endpoint.

Change Log

Upgraded to Gulp version 4. Build options are now:

gulp watch - watch for file changes do the build task gulp build - clean the dist directory and build the project gulp commit - bump version and add and commit files to git ( for maintainers only ) gulp publish - publish new npm version ( for maintainers only )

Updated to support latest version of adal-angular. Major version updated because of potentially breaking changes.

Added an automatic login token refresh feature. It will refresh tokens at application load if there is a valid sign-in token. It will also refresh the login token 5 minutes before it expires.

Updated to Angular 6, cleaned up files. THIS IS A BREAKING VERSION!

Updated to Angular 5, cleaned up files. THIS IS A BREAKING VERSION!

Fixed a bug where the valid scenario of refreshing an id_token is not handled - thanks to @alan-g-chen.

Hash is now removed from url after login

Added HTTP Interceptor for Angular 4.3.0+

Updated all packages to newest versions

Usage ( tested with Angular 8)

First install the package ( ex using npm )

npm i adal-angular4

Implement ADAL authentication:

Open your Angular root module, usually app.module.ts Add the following import

import { AdalService, AdalGuard, AdalInterceptor } from 'adal-angular4' ; import { HTTP_INTERCEPTORS } from '@angular/common/http' ;

Update your @NgModule providers section with the following line:

providers: [AdalService, AdalGuard, {provide: HTTP_INTERCEPTORS, useClass: AdalInterceptor, multi: true }

It should look something like this:

@NgModule({ declarations : [ AppComponent, ... ], imports : [ ... ], providers : [AdalService, AdalGuard, { provide : HTTP_INTERCEPTORS, useClass : AdalInterceptor, multi : true }, ... ], bootstrap : [AppComponent] })

inside your environment.ts file add your config, this file is created for you when u use the Angular CLI

Usually can be found here: src ├── environements └── environment.ts └── environment.prod.ts

export const environment = { production : false , config : { tenant : 'tenant.onmicrosoft.com' , clientId : 'app registration id' , endpoints : { 'http://localhost:4200/' : 'the id' } } };

Then import the following into your root component usually app.component.ts

import { environment } from '../environments/environment' ; import { AdalService } from 'adal-angular4' ;

Init the adal lib by adding the following lines to your constructor or OnInit

export class AppComponent implements { constructor (private adalService: AdalService) { this .adalService.init(environment.config); this .adalService.handleWindowCallback(); } }

You can protect routes by adding the authguard to you route

import the following inside your routing module file usually app-routing.module.ts

import { AdalGuard } from 'adal-angular4' ;

ex:

const routes: Routes = [ { path : '' , component : YourComponent, canActivate : [AdalGuard] } ];

Login / Logout

You can call the login and logout function with the following code.

AdalService needs to be imported in your file

import { AdalService } from 'adal-angular4' ; constructor (private adalService: AdalService)

Login:

this .adalService.login();

Logout:

this .adalService.logOut();

Check if user is allready authenticated, if not login

Checking if user has allready logged in if not do something

AdalService needs to be imported in your file

import { AdalService } from 'adal-angular4' ; constructor (private adalService: AdalService)

if ( this .adalService.userInfo.authenticated) { } else { }

Using Azure AD Role based Authentication

This section is optional, the library works without these settings aswell.

Setup for Role based authentication in your Angular application:

Steps to do in Azure

Go to you app registration, the same one you used the clientId from inside your environments file. And add your custom roles inside the app manifest:

"appRoles" : [ { "allowedMemberTypes" : [ "User" ], "description" : "your user description" , "displayName" : "UserRole" , "id" : "generate a unique guid" , "isEnabled" : true , "value" : "UserRole" }, { "allowedMemberTypes" : [ "User" ], "description" : "your admin description" , "displayName" : "AdminRole" , "id" : "generate a unique guid" , "isEnabled" : true , "value" : "AdminRole" } ]

Once these roles have been created you can assign them to users:

Open the registration for local directory, this can be found on the overview page on the right side 'Managed application in local directory: -your app registration name-' On this page go to 'Users and groups' and click 'Add user'

Now add the user that needs to be able to access the application and assign a role to the user.

The last step in Azure is activating the User assignment required property in the 'Properties' tab. When you enable this option only users that are assigned a role can login to the application.

Steps in Angular

In order to protect a certain route to be accessed only by authenticated users with a certain role: Update the

with the following data attribute

const routes: Routes = [ { path : '' , component : YourComponent, canActivate : [AdalGuard], data : { expectedRole : 'AdminRole' } } ];

expectedRole can be any of the custom Roles you created in App manifest (appRoles) for your app registration in Azure.