// passportAuthentication.js
const passport = require('passport');
const BearerStrategy = require('passport-azure-ad').BearerStrategy;
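// Azure AD tenant and app registration this API accepts tokens for. Neither
// value is a secret (OAuth client IDs are public), but hard-coding them ties
// this build to a single tenant/app registration; prefer loading them from
// configuration so dev/test/prod registrations can share the same code.
const TENANT_ID = '50ebe1ee-7a5e-48cc-ae50-93c8f4a90d95';
const CLIENT_ID = '13b95f07-b937-4710-aae9-ff8b5f7c0366';

/**
 * passport-azure-ad BearerStrategy options.
 *
 * The strategy loads the signing keys and expected issuer from the tenant's
 * OpenID metadata document and validates the presented bearer token's
 * signature, expiry, issuer and `aud` (which must equal `audience`).
 */
const options = {
  // Tenant-specific v2.0 metadata document. With a tenant-specific endpoint
  // passport-azure-ad validates the issuer by default (unless
  // `validateIssuer: false` is set), so tokens minted by other tenants are
  // rejected at this layer.
  identityMetadata: `https://login.microsoftonline.com/${TENANT_ID}/v2.0/.well-known/openid-configuration`,
  clientID: CLIENT_ID,
  // v2.0 access tokens issued for this API carry the app's client ID in `aud`.
  audience: CLIENT_ID,
  // NOTE(review): 'info' is fairly verbose; consider 'warn' outside development.
  loggingLevel: 'info',
  passReqToCallback: false,
  // NOTE(review): passport-azure-ad documents this option as `scope`
  // (singular). If the installed version does not recognise `scopes`, no
  // scope check is performed here at all and any valid token for this
  // audience passes the strategy — confirm against the library version in
  // use, or enforce `scp` / `roles` explicitly in the verify callback below.
  scopes: [
    `api://${CLIENT_ID}/user.read`,
    `api://${CLIENT_ID}/AdminAccess`,
  ],
};

/**
 * Verify callback. `token` holds the decoded claims of a token the strategy
 * has already validated.
 *
 * Every validated token is accepted as-is: the passport user object is left
 * empty and the claims are handed to route handlers as `req.authInfo`. No
 * authorization decision (scope, role, tenant membership) is made here, so
 * every protected route must make its own.
 */
const bearerStrategy = new BearerStrategy(options, async (token, done) => {
  done(null, {}, token);
});
passport.use(bearerStrategy);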
// and in server.js
// Use passport authentication
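// Example protected route. `passport.authenticate('oauth-bearer')` rejects the
// request with 401 unless a valid bearer token for this API is presented; the
// decoded claims then arrive as `req.authInfo` (the third argument the verify
// callback passed to `done()`).
app.get(
  '',
  passport.authenticate('oauth-bearer', { session: false }),
  async (req, res, next) => {
    try {
      const claims = req.authInfo;
      // NOTE(review): `preferred_username` is a mutable, display-oriented
      // claim that Microsoft advises against using for authorization; the
      // stable identity is `oid` (scoped by `tid`). It is kept as the lookup
      // key here only because the UserAccess schema visible on this page is
      // keyed by `email` — consider storing and matching on `oid` instead.
      const userEmail = claims.preferred_username;

      const loggedUser = await UserAccess.findOne({ email: userEmail });
      // A valid token whose subject is not provisioned in UserAccess is
      // authenticated but not authorized. The `return` matters: the original
      // fell through after responding and dereferenced null on the next line.
      if (!loggedUser) {
        return res.status(403).send('User could not be found');
      }

      const client = await Client.findOne({ _id: loggedUser.client });
      if (!client) {
        // Dangling client reference is a data problem, not a caller error;
        // don't echo internal identifiers back to the caller.
        return res.status(500).send('Client could not be resolved');
      }

      return res.send(
        `Logged in As ${userEmail} from Client ${client._id} with permission band ${loggedUser.band}`
      );
    } catch (err) {
      // Express 4 does not catch rejected promises from async handlers; route
      // the error to the error middleware rather than leaving an unhandled
      // rejection (and a request that never gets a response).
      next(err);
    }
  }
);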