Passport with Azure

PHOTO EMBED

Mon Jul 26 2021 13:34:52 GMT+0000 (Coordinated Universal Time)

Saved by @shihor #passport #azure

// passportAuthentication.js
const passport = require('passport');
const BearerStrategy = require('passport-azure-ad').BearerStrategy;

var options = {
  identityMetadata:
    'https://login.microsoftonline.com/50ebe1ee-7a5e-48cc-ae50-93c8f4a90d95/v2.0/.well-known/openid-configuration',
  clientID: '13b95f07-b937-4710-aae9-ff8b5f7c0366',
  audience: '13b95f07-b937-4710-aae9-ff8b5f7c0366',
  loggingLevel: 'info',
  passReqToCallback: false,
  scopes: [
    'api://13b95f07-b937-4710-aae9-ff8b5f7c0366/user.read',
    'api://13b95f07-b937-4710-aae9-ff8b5f7c0366/AdminAccess',
  ],
};

var bearerStrategy = new BearerStrategy(options, async (token, done) => {
  done(null, {}, token);
});

passport.use(bearerStrategy);

// and in server.js
// Use passport authentication
app.get(
  '',
  passport.authenticate('oauth-bearer', { session: false }),
  async (req, res) => {
    // res.send('Logged in');
    const user = req.authInfo;
    const userEmail = user.preferred_username;
    // Get user from db by email
    const loggedUser = await UserAccess.findOne({
      email: userEmail,
    });
    if (loggedUser == null || loggedUser == '') {
      res.send('User could not be found');
    }

    //   Get UserAccess Client
    const client = await Client.findOne({
      _id: loggedUser.client,
    });
    res.send(
      'Logged in As ' +
        userEmail +
        ' from Client ' +
        client._id +
        ' with permission band ' +
        loggedUser.band
    );
  }
);


content_copyCOPY