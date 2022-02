Passport strategy for authenticating with Azure OAuth 2.0 API, with prompt and state support.

Installation

npm install passport-azure-oauth2 --save

Usage

Create a module auth.js :

; var AzureOAuth2Strategy = require ( "passport-azure-oauth2" ); var jwt = require ( "jwt-simple" ); var config = require ( "../config" ); function AzureOAuthStrategy ( ) { this .passport = require ( "passport" ); this .passport.use( "provider" , new AzureOAuth2Strategy({ clientID : config.clientID, clientSecret : config.clientSecret, callbackURL : config.callbackUri, resource : config.resource, tenant : config.tenant, prompt : 'login' , state : false }, function ( accessToken, refreshtoken, params, profile, done ) { var user = jwt.decode(params.id_token, "" , true ); done( null , user); })); this .passport.serializeUser( function ( user, done ) { done( null , user); }); this .passport.deserializeUser( function ( user, done ) { done( null , user); }); } module .exports = new AzureOAuthStrategy();

Now plug this in like so:

var auth = require ( "./auth" ), var express = require ( "express" ) var app = express(); app. use ( auth . passport . initialize ()); app. use ( auth . passport . session ()); app.get( "/login" , auth.passport.authenticate( "provider" , { successRedirect: "/" })); app.get( "/cb" , auth.passport.authenticate( "provider" , { successRedirect: "/" , failureRedirect: "/login" }), function (req, res) { res.redirect( "/" ); });

###state

Simply plugin express-session to enable session support, and set state: true when creating your AzureOAuthStrategy

[Recommended] A randomly generated non-reused value that is sent in the request and returned in the response. This parameter is used as a mitigation against cross-site request forgery (CSRF) attacks. For more information, see Best Practices for OAuth 2.0 in Azure AD.

var session = require("express-session"); app.use( session({ secret: 'somesecret' , resave: true , saveUninitialized : true }));

###prompt

Simply set prompt: 'login' when creating your AzureOAuthStrategy

[Optional] Indicate the type of user interaction that is required. Valid values are:

login: The user should be prompted to re-authenticate.

consent: User consent has been granted, but needs to be updated. The user should be prompted to consent.

admin_consent: An administrator should be prompted to consent on behalf of all users in their organization.

Tests

npm test

License

MIT