We have an application that is written using the MEAN stack. Right now the application is using home-grown authentication. We are trying to replace it with Azure AD authentication.
There is a nice article here that shows how to configure Angular for Azure authentication using the ADAL.JS library. This will protect client-side resources. In the example the server-side APIs are written using .NET Web API, and OWIN is used to protect the Web API. So OWIN is responsible for validating the Bearer token sent from the client.
With the MEAN stack the server-side APIs are written in Node.js, so how do we protect the Node.js API if we switch to Azure AD? Is there any Node module available from Microsoft? Any example will be greatly appreciated.
I have recently implemented one with my React application with a Node.js backend and passport-azure-ad.
You can refer to my post here for both authorization and authentication: https://stackoverflow.com/a/58761942/8238968
You can find the key values for BearerStrategyOptions at https://github.com/AzureADQuickStarts/AppModelv2-WebAPI-nodejs/blob/master/node-server/config.js
Also, FYI, I used the following common endpoint as identityMetadata: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
// Values for these come from your app registration; see the linked config.js.
const BearerStrategyOptions = {
  identityMetadata,            // OpenID Connect metadata URL; the strategy fetches the signing keys from it
  clientID,                    // application (client) ID of the API registration
  validateIssuer,              // check the token's iss claim against `issuer`
  issuer,                      // expected issuer, e.g. https://login.microsoftonline.com/<tenant-id>/v2.0
  passReqToCallback,           // if true, the verify callback receives (req, token, done) instead of (token, done)
  allowMultiAudiencesInToken,  // accept tokens whose aud claim lists several audiences
  audience                     // value the token's aud claim must contain (the API's client ID or app ID URI)
};
For Authorization:
const passport = require('passport');
const BearerStrategy = require('passport-azure-ad').BearerStrategy;

// In-memory user store (assumed here, matching the sample's `users` array); replace with your database lookup.
const users = [];
let owner = null;
function findByOid(oid, fn) {
  const user = users.find(u => u.oid === oid);
  return fn(null, user || null);
}

passport.use(
  new BearerStrategy(BearerStrategyOptions, function(token, done) {
    // `token` holds the claims of an access token whose signature, issuer, audience and expiry
    // the strategy has already validated; this callback only maps the caller to an app user.
    console.log("verifying the user");
    console.log(token, "was the token retrieved");
    findByOid(token.oid, function(err, user) {
      if (err) {
        return done(err);
      }
      if (!user) {
        // "Auto-registration": the first request from this oid creates the user
        console.log(
          "User was added automatically as they were new. Their oid is: ",
          token.oid
        );
        users.push(token);
        owner = token.oid;
        return done(null, token);
      }
      owner = token.oid;
      return done(null, user, token);
    });
  })
);
And to protect the routes, use the following in your API:
passport.authenticate('oauth-bearer', {session: false})
Done! Hope this helps :)
Microsoft provides a passport plugin, passport-azure-ad.
passport-azure-ad is a collection of Passport Strategies to help you integrate with Azure Active Directory. It includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization. These providers let you integrate your Node app with Microsoft Azure AD so you can use its many features, including web single sign-on (WebSSO), Endpoint Protection with OAuth, and JWT token issuance and validation.