WSFED/SAMLP/OIDC/Bearer Passport strategies for Azure Active Directory
passport-azure-ad is a collection of Passport Strategies to help you integrate with Azure Active Directory. It includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization. These providers let you integrate your Node app with Windows Azure AD so you can use its many features, including web single sign-on (WebSSO).
For a detailed walkthrough of using Passport.js to add web single sign-on to a Node app, see: Windows Azure AD Walkthrough for Node.js.
$ npm install passport-azure-ad
This sample uses the OAuth2Bearer Strategy:
var passport = require('passport');
var BearerStrategy = require('passport-azure-ad').BearerStrategy;
// config, log, users, owner and findById are the sample app's own objects.

// We pass these options in to the OIDCBearerStrategy.
var options = {
    // The URL of the metadata document for your app. We will get the keys for token
    // validation from the URL found in the jwks_uri tag of the metadata.
    identityMetadata: config.creds.identityMetadata,
    issuer: config.creds.issuer,
    audience: config.creds.audience
};

var bearerStrategy = new BearerStrategy(options,
    function(token, done) {
        log.info('verifying the user');
        log.info(token, 'was the token retrieved');
        findById(token.sub, function(err, user) {
            if (err) {
                return done(err);
            }
            if (!user) {
                // "Auto-registration"
                log.info('User was added automatically as they were new. Their sub is: ', token.sub);
                users.push(token);
                owner = token.sub;
                return done(null, token);
            }
            owner = token.sub;
            return done(null, user, token);
        });
    }
);

passport.use(bearerStrategy);
This sample uses the OIDCStrategy:
var passport = require('passport');
var OIDCStrategy = require('passport-azure-ad').OIDCStrategy;
// config, log, users and findByEmail are the sample app's own objects.

// Use the OIDCStrategy within Passport.
//   Strategies in passport require a `validate` function, which accepts
//   credentials (in this case, an OpenID identifier), and invokes a callback
//   with a user object.
passport.use(new OIDCStrategy({
    callbackURL: config.creds.returnURL,
    realm: config.creds.realm,
    clientID: config.creds.clientID,
    clientSecret: config.creds.clientSecret,
    oidcIssuer: config.creds.issuer,
    identityMetadata: config.creds.identityMetadata
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    log.info('We received profile of: ', profile);
    log.info('Example: Email address we received was: ', profile._json.upn);
    // asynchronous verification, for effect...
    process.nextTick(function () {
      findByEmail(profile._json.upn, function(err, user) {
        if (err) {
          return done(err);
        }
        if (!user) {
          // "Auto-registration"
          users.push(profile);
          return done(null, profile);
        }
        return done(null, user);
      });
    });
  }
));
To complete the sample, provide a route that corresponds to the path configuration parameter that is sent to the strategy:
// GET /login
//   Starts the sign-in; the strategy redirects the user to Azure AD.
app.get('/login',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    log.info('Login was called in the Sample');
    res.redirect('/');
  });

// POST /auth/openid
//   Use passport.authenticate() as route middleware to authenticate the
//   request. The first step in OpenID authentication will involve redirecting
//   the user to their OpenID provider. After authenticating, the OpenID
//   provider will redirect the user back to this application at
//   /auth/openid/return
app.post('/auth/openid',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    log.info('Authentication was called in the Sample');
    res.redirect('/');
  });

// GET /auth/openid/return
//   Use passport.authenticate() as route middleware to authenticate the
//   request. If authentication fails, the user will be redirected back to the
//   login page. Otherwise, the primary route function will be called,
//   which, in this example, will redirect the user to the home page.
app.get('/auth/openid/return',
  passport.authenticate('azuread-openidconnect', { failureRedirect: '/login' }),
  function(req, res) {
    log.info('We received a return from AzureAD.');
    res.redirect('/');
  });
Copyright (c) Microsoft Corp. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");