How to use the passport-azure-ad.OIDCStrategy function in passport-azure-ad

To help you get started, we’ve selected a few passport-azure-ad examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github microsoft / opensource-portal / middleware / passport-config.ts View on Github external
}
  // ----------------------------------------------------------------------------
  // GitHub Passport session setup.
  // ----------------------------------------------------------------------------
  let githubOptions = {
    clientID: githubAppConfiguration.clientId,
    clientSecret: githubAppConfiguration.clientSecret,
    callbackURL: undefined,
    scope: [],
    userAgent: 'passport-azure-oss-portal-for-github' // CONSIDER: User agent should be configured.
  };
  if (githubAppConfiguration.callbackUrl) {
    githubOptions.callbackURL = githubAppConfiguration.callbackUrl;
  }
  let githubPassportStrategy = new GitHubStrategy(githubOptions, githubResponseToSubset.bind(null, app, modernAppInUse));
  let aadStrategy = new OIDCStrategy({
    redirectUrl: config.activeDirectory.redirectUrl,
    allowHttpForRedirectUrl: config.containers.docker || config.webServer.allowHttp,
    realm: config.activeDirectory.tenantId,
    clientID: config.activeDirectory.clientId,
    clientSecret: config.activeDirectory.clientSecret,
    oidcIssuer: config.activeDirectory.issuer,
    identityMetadata: 'https://login.microsoftonline.com/' + config.activeDirectory.tenantId + '/.well-known/openid-configuration',
    responseType: 'id_token code',
    responseMode: 'form_post',
    validateIssuer: true,
  }, activeDirectorySubset.bind(null, app));

  // Patching the AAD strategy to intercept a specific state failure message and instead
  // of providing a generic failure message, redirecting (HTTP GET) to the callback page
  // where we can offer a more useful message
  const originalFailWithLog = aadStrategy.failWithLog;
github gpimblott / TechRadar / utils / passport.js View on Github external
let userHash = require('crypto').createHash('sha256').update(password).digest('base64');

      if (user.password !== userHash) {
        return cb(null, false, { message: 'Incorrect login' });
      }
      return cb(null, user);
    });
  }));

if (process.env.AZURE_IDENTITY_METADATA) {

  if (strategyConfig.loggingLevel) { log.levels("console", strategyConfig.loggingLevel); }

  // Used by ADFS users
  passport.use(new OIDCStrategy(strategyConfig,
    function (profile, done) {
      // Depending on the type of the account e.g. registered in live.com or kainos.com
      // user's email may be returned in "unique_name" field instead of "email"
      var email = profile._json.email || profile._json.unique_name
      if (!email) {
        return done(new Error("No email found"), null);
      }

      process.nextTick(function () {
        // ADFS user's username is set to the email used in the authentication process
        users.findByUsername(email, function (err, user) {
          if (err) {
            return done(err);
          }
          if (!user) {
            registerUserUsingProfileData(profile._json, function (err, user) {
github Azure-Samples / active-directory-node-webapp-openidconnect / app.js View on Github external
for (var i = 0, len = users.length; i < len; i++) {
    var user = users[i];
   log.info('we are using user: ', user);
    if (user.email === email) {
      return fn(null, user);
    }
  }
  return fn(null, null);
};

// Use the OIDCStrategy within Passport. (Section 2) 
// 
//   Strategies in passport require a `validate` function, which accept
//   credentials (in this case, an OpenID identifier), and invoke a callback
//   with a user object.
passport.use(new OIDCStrategy({
    callbackURL: config.creds.returnURL,
    realm: config.creds.realm,
    clientID: config.creds.clientID,
    clientSecret: config.creds.clientSecret,
    oidcIssuer: config.creds.issuer,
    identityMetadata: config.creds.identityMetadata,
    skipUserProfile: config.creds.skipUserProfile,
    responseType: config.creds.responseType,
    responseMode: config.creds.responseMode
  },
  function(iss, sub, profile, accessToken, refreshToken, done) {
    if (!profile.email) {
      return done(new Error("No email found"), null);
    }
    // asynchronous verification, for effect...
    process.nextTick(function () {
github AzureADQuickStarts / AppModelv2-WebApp-OpenIDConnect-nodejs / app.js View on Github external
// 
// Strategies in passport require a `verify` function, which accepts credentials
// (in this case, the `oid` claim in id_token), and invoke a callback to find
// the corresponding user object.
// 
// The following are the accepted prototypes for the `verify` function
// (1) function(iss, sub, done)
// (2) function(iss, sub, profile, done)
// (3) function(iss, sub, profile, access_token, refresh_token, done)
// (4) function(iss, sub, profile, access_token, refresh_token, params, done)
// (5) function(iss, sub, profile, jwtClaims, access_token, refresh_token, params, done)
// (6) prototype (1)-(5) with an additional `req` parameter as the first parameter
//
// To do prototype (6), passReqToCallback must be set to true in the config.
//-----------------------------------------------------------------------------
passport.use(new OIDCStrategy({
    identityMetadata: config.creds.identityMetadata,
    clientID: config.creds.clientID,
    responseType: config.creds.responseType,
    responseMode: config.creds.responseMode,
    redirectUrl: config.creds.redirectUrl,
    allowHttpForRedirectUrl: config.creds.allowHttpForRedirectUrl,
    clientSecret: config.creds.clientSecret,
    validateIssuer: config.creds.validateIssuer,
    isB2C: config.creds.isB2C,
    issuer: config.creds.issuer,
    passReqToCallback: config.creds.passReqToCallback,
    scope: config.creds.scope,
    loggingLevel: config.creds.loggingLevel,
    nonceLifetime: config.creds.nonceLifetime,
    nonceMaxAmount: config.creds.nonceMaxAmount,
    useCookieInsteadOfSession: config.creds.useCookieInsteadOfSession,
github microsoft / VoTT / server / src / app.ts View on Github external
//
// Strategies in passport require a `verify` function, which accepts credentials
// (in this case, the `oid` claim in id_token), and invoke a callback to find
// the corresponding user object.
//
// The following are the accepted prototypes for the `verify` function
// (1) function(iss, sub, done)
// (2) function(iss, sub, profile, done)
// (3) function(iss, sub, profile, access_token, refresh_token, done)
// (4) function(iss, sub, profile, access_token, refresh_token, params, done)
// (5) function(iss, sub, profile, jwtClaims, access_token, refresh_token, params, done)
// (6) prototype (1)-(5) with an additional `req` parameter as the first parameter
//
// To do prototype (6), passReqToCallback must be set to true in the config.
// -----------------------------------------------------------------------------
passport.use(new passportAzureAD.OIDCStrategy({
  identityMetadata: config.creds.identityMetadata,
  clientID: config.creds.clientID,
  responseType: config.creds.responseType as typeof OIDCStrategyTemplate.responseType,
  responseMode: config.creds.responseMode as typeof OIDCStrategyTemplate.responseMode,
  redirectUrl: config.creds.redirectUrl,
  allowHttpForRedirectUrl: config.creds.allowHttpForRedirectUrl,
  clientSecret: config.creds.clientSecret,
  validateIssuer: config.creds.validateIssuer,
  isB2C: config.creds.isB2C,
  issuer: config.creds.issuer,
  passReqToCallback: false,
  scope: config.creds.scope,
  loggingLevel: config.creds.logLevel as typeof OIDCStrategyTemplate.loggingLevel,
  nonceLifetime: config.creds.nonceLifetime,
  nonceMaxAmount: config.creds.nonceMaxAmount,
  useCookieInsteadOfSession: config.creds.useCookieInsteadOfSession,
github microsoftgraph / nodejs-connect-rest-sample / tsfiles / app.js View on Github external
// Below is an example after you have the key cert pair:
// const https = require('https');
// const certConfig = {
//  key: fs.readFileSync('./utils/cert/server.key', 'utf8'),
//  cert: fs.readFileSync('./utils/cert/server.crt', 'utf8')
// };
// const server = https.createServer(certConfig, app);
// authentication setup
var callback = function (iss, sub, profile, accessToken, refreshToken, done) {
    done(null, {
        profile: profile,
        accessToken: accessToken,
        refreshToken: refreshToken
    });
};
passport.use(new OIDCStrategy(config.creds, callback));
var users = {};
passport.serializeUser(function (user, done) {
    var id = uuid.v4();
    users[id] = user;
    done(null, id);
});
passport.deserializeUser(function (id, done) {
    var user = users[id];
    done(null, user);
});
// view engine setup
app.set('views', path.join(__dirname, 'views'));
app.set('view engine', 'hbs');
app.use(favicon(path.join(__dirname, 'public', 'img', 'favicon.ico')));
app.use(logger('dev'));
app.use(bodyParser.json());
github AzureADQuickStarts / WebApp-OpenIDConnect-NodeJS / app.js View on Github external
// 
// Strategies in passport require a `verify` function, which accepts credentials
// (in this case, the `oid` claim in id_token), and invoke a callback to find
// the corresponding user object.
// 
// The following are the accepted prototypes for the `verify` function
// (1) function(iss, sub, done)
// (2) function(iss, sub, profile, done)
// (3) function(iss, sub, profile, access_token, refresh_token, done)
// (4) function(iss, sub, profile, access_token, refresh_token, params, done)
// (5) function(iss, sub, profile, jwtClaims, access_token, refresh_token, params, done)
// (6) prototype (1)-(5) with an additional `req` parameter as the first parameter
//
// To do prototype (6), passReqToCallback must be set to true in the config.
//-----------------------------------------------------------------------------
passport.use(new OIDCStrategy({
    identityMetadata: config.creds.identityMetadata,
    clientID: config.creds.clientID,
    responseType: config.creds.responseType,
    responseMode: config.creds.responseMode,
    redirectUrl: config.creds.redirectUrl,
    allowHttpForRedirectUrl: config.creds.allowHttpForRedirectUrl,
    clientSecret: config.creds.clientSecret,
    validateIssuer: config.creds.validateIssuer,
    isB2C: config.creds.isB2C,
    issuer: config.creds.issuer,
    passReqToCallback: config.creds.passReqToCallback,
    scope: config.creds.scope,
    loggingLevel: config.creds.loggingLevel,
    nonceLifetime: config.creds.nonceLifetime,
    nonceMaxAmount: config.creds.nonceMaxAmount,
    useCookieInsteadOfSession: config.creds.useCookieInsteadOfSession,
github Glimpse / StickerApp / apigateway / strategy / aad-b2c.js View on Github external
module.exports = function getOIDStrategy() {

    //TODO: Decide which optional settings we want to include (if any)
    passport.use(new OIDCStrategy({
        identityMetadata: config.creds.identityMetadata,
        clientID: config.creds.clientID,
        responseType: config.creds.responseType,
        responseMode: config.creds.responseMode,
        redirectUrl: config.creds.redirectUrl,
        allowHttpForRedirectUrl: config.creds.allowHttpForRedirectUrl,
        clientSecret: config.creds.clientSecret,
        validateIssuer: config.creds.validateIssuer,
        isB2C: config.creds.isB2C,
        issuer: config.creds.issuer,
        passReqToCallback: config.creds.passReqToCallback,
        scope: config.creds.scope,
        loggingLevel: config.creds.loggingLevel,
        nonceLifetime: config.creds.nonceLifetime,
        nonceMaxAmount: config.creds.nonceMaxAmount,
        useCookieInsteadOfSession: config.creds.useCookieInsteadOfSession,
github microsoft / ghcrawler-dashboard / middleware / passport-config.js View on Github external
module.exports = function (app, config) {
  let aadStrategy = new OIDCStrategy({
    redirectUrl: config.activeDirectory.redirectUrl,
    allowHttpForRedirectUrl: config.webServer.allowHttp,
    realm: config.activeDirectory.tenantId,
    clientID: config.activeDirectory.clientId,
    clientSecret: config.activeDirectory.clientSecret,
    oidcIssuer: config.activeDirectory.issuer,
    identityMetadata: 'https://login.microsoftonline.com/' + config.activeDirectory.tenantId + '/.well-known/openid-configuration',
    responseType: 'id_token code',
    responseMode: 'form_post',
    validateIssuer: true
  }, activeDirectorySubset);

  passport.use('azure-active-directory', aadStrategy);

  app.use(passport.initialize());
  app.use(passport.session());
github microsoftgraph / nodejs-connect-sample / app.js View on Github external
findByOid(profile.oid, function(err, user){
    if (err) {
      return done(err);
    }

    if (!user) {
      users.push({profile, accessToken, refreshToken});
      return done(null, profile);
    }

    return done(null, user);
  });
};

passport.use(new OIDCStrategy(config.creds, callback));

const users = [];

passport.serializeUser((user, done) => {
  done(null, user.oid);
});

passport.deserializeUser((id, done) => {
  findByOid(id, function (err, user) {
    done(err, user);
  });
});

var findByOid = function(oid, fn) {
  for (var i = 0, len = users.length; i < len; i++) {
    var user = users[i];

passport-azure-ad

OIDC and Bearer Passport strategies for Azure Active Directory

MIT
Latest version published 2 years ago

Package Health Score

58 / 100
Full package analysis