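// passportAuthentication.js
const passport = require('passport');
const { BearerStrategy } = require('passport-azure-ad');

// Configuration for validating Azure AD (v2.0 endpoint) bearer tokens.
// The tenant and application IDs below are identifiers rather than secrets,
// but loading them from configuration keeps environments separable.
const options = {
  identityMetadata:
    'https://login.microsoftonline.com/50ebe1ee-7a5e-48cc-ae50-93c8f4a90d95/v2.0/.well-known/openid-configuration',
  clientID: '13b95f07-b937-4710-aae9-ff8b5f7c0366',
  audience: '13b95f07-b937-4710-aae9-ff8b5f7c0366',
  loggingLevel: 'info',
  passReqToCallback: false,
  // NOTE(review): as documented for passport-azure-ad, a token carrying ANY ONE
  // of these scopes is accepted (confirm for the installed version). Listing
  // AdminAccess here therefore does not restrict a route to admins; a route
  // that needs it must check the token's scope claim itself.
  scopes: [
    'api://13b95f07-b937-4710-aae9-ff8b5f7c0366/user.read',
    'api://13b95f07-b937-4710-aae9-ff8b5f7c0366/AdminAccess',
  ],
};

// Verify callback: runs after the strategy has accepted the token. It attaches
// an empty user object and forwards the decoded token as `info`, which the
// route below reads as req.authInfo.
const bearerStrategy = new BearerStrategy(options, (token, done) => {
  done(null, {}, token);
});

passport.use(bearerStrategy);

// and in server.js

/**
 * Authenticated route: maps the caller's token to a UserAccess record and its
 * Client, then reports who is logged in.
 *
 * Responds 403 when the token has no usable identity claim or no matching
 * UserAccess record exists, 404 when the referenced Client is missing, and
 * forwards unexpected errors to the Express error handler.
 */
app.get(
  '',
  passport.authenticate('oauth-bearer', { session: false }),
  async (req, res, next) => {
    try {
      const claims = req.authInfo;

      // NOTE(review): Microsoft documents preferred_username as mutable and not
      // suitable for authorization decisions. Keying UserAccess on the
      // immutable oid (or sub) claim would be the more robust lookup.
      const userEmail = claims.preferred_username;

      // A missing or non-string claim must never reach the query filter:
      // depending on driver settings an undefined value may match unrelated
      // documents, and a non-string value could be read as a query operator.
      if (typeof userEmail !== 'string' || userEmail === '') {
        return res.status(403).send('User could not be found');
      }

      // Get user from db by email
      const loggedUser = await UserAccess.findOne({ email: userEmail });
      if (!loggedUser) {
        // `return` is required: without it execution continued, dereferenced a
        // null user and tried to send a second response.
        return res.status(403).send('User could not be found');
      }

      // Get UserAccess Client
      const client = await Client.findOne({ _id: loggedUser.client });
      if (!client) {
        return res.status(404).send('Client could not be found');
      }

      // Send as plain text so claim and database values are never interpreted
      // as HTML by a browser.
      return res
        .type('text/plain')
        .send(
          `Logged in As ${userEmail} from Client ${client._id} with permission band ${loggedUser.band}`
        );
    } catch (err) {
      // Express 4 does not catch rejections from async handlers; pass the
      // error on instead of leaving the request hanging.
      return next(err);
    }
  }
);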