How to use passport.js and OpenID Connect strategy with Azure AD - node.js

I am looking to authenticate users using OpenID Connect, Node.js, Passport.js against Azure AD. Could you please point me to any resources/docs and/or sample code?
I came across passport-openidconnect. Is this still the active module? Are you aware of any other module that I could use for this? If so, if you could point me to some sample code that would be great!

There is a passport module specifically for Azure AD called passport-azure-ad.
The steps to set this up are:
1. Register your application (in Azure AD)
2. Install all the required npm packages.
3. Set up your app to use passport-azure-ad.
   3.a Set up the passport strategy
   3.b Add methods to keep track of logged in users
   3.c Initialize passport while loading the express engine
   3.d Add the routes that will handle login/logoff
4. Use passport to issue sign-in and sign-out requests to Azure AD
Check out the official docs (which include a sample) for code for each of these steps: https://azure.microsoft.com/en-us/documentation/articles/active-directory-devquickstarts-openidconnect-nodejs/
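
An added example, not part of the answers here or of the passport-azure-ad project: a checker for the options object handed to the OIDCStrategy in step 3.a, with a weak and a tightened configuration side by side. The option names are passport-azure-ad's documented ones; the tenant name, client ID, URLs, the AAD_CLIENT_SECRET variable and the function names are assumptions.

```javascript
'use strict';
// Added example: audits options meant for passport-azure-ad's OIDCStrategy.
// Tenant, client ID, URLs and AAD_CLIENT_SECRET are placeholders (assumptions).

function auditOidcOptions(opts) {
  const findings = [];
  const isHttps = (value) => {
    try { return new URL(value).protocol === 'https:'; } catch (_) { return false; }
  };
  if (!isHttps(opts.identityMetadata)) findings.push('identityMetadata must be an https URL');
  if (!isHttps(opts.redirectUrl)) findings.push('redirectUrl must be an https URL');
  if (opts.allowHttpForRedirectUrl === true) findings.push('allowHttpForRedirectUrl is enabled');
  if (opts.validateIssuer === false) findings.push('validateIssuer is disabled: id_token issuer is not checked');
  const usesCode = String(opts.responseType || '').split(' ').includes('code');
  if (usesCode && !opts.clientSecret) findings.push('responseType includes code but clientSecret is missing');
  if (opts.loggingNoPII === false) findings.push('loggingNoPII is false: user claims may reach the logs');
  return findings;
}

// Constructed sample: settings typically left over from a local quick start.
const weakOptions = {
  identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration',
  clientID: '00000000-0000-0000-0000-000000000000',
  responseType: 'code id_token',
  responseMode: 'form_post',
  redirectUrl: 'http://localhost:3000/auth/openid/return',
  allowHttpForRedirectUrl: true,
  validateIssuer: false,
  loggingNoPII: false,
};

// Constructed sample: the same registration tightened for deployment.
function buildOptions(env) {
  return {
    identityMetadata: 'https://login.microsoftonline.com/example-tenant.onmicrosoft.com/.well-known/openid-configuration',
    clientID: '00000000-0000-0000-0000-000000000000',
    responseType: 'code id_token',
    responseMode: 'form_post',
    redirectUrl: 'https://app.example.com/auth/openid/return',
    allowHttpForRedirectUrl: false,
    clientSecret: env.AAD_CLIENT_SECRET, // injected at deploy time, never committed
    validateIssuer: true,
    loggingNoPII: true,
  };
}

console.log(auditOidcOptions(weakOptions));
console.log(auditOidcOptions(buildOptions(process.env)));
```

Running the audit at startup and refusing to register the strategy when it returns findings keeps a development configuration from reaching production.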

The answer to your question is positive. There are several node.js modules you can use to implement authentication via AAD.
You can use the ADAL for node.js library, which makes it easy for node.js applications to authenticate to AAD in order to access AAD protected web resources. Please refer to https://github.com/AzureAD/azure-activedirectory-library-for-nodejs for details and code samples.
You can use a third-party module such as passport-azure-ad; please refer to https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect for the sample which implements the requirement leveraging express and passport-azure-ad.
If you have any further concerns, please feel free to let me know.

Related

Azure Custom Auth with Node.js Backend

I am trying to log in clients using their email and password through Auth0 with a Node.js backend on the Azure app service and a Xamarin.Forms client. The problem is that I can't create a custom authentication on Node.js since the tutorial I was following used a .NET backend. I also followed this tutorial for Node.js backend, both by the awesome Adrian Hall, but it seems to override the already existing Facebook login system, and I can't find enough material on that problem. Is there any other tutorial on doing that or am I getting something wrong?
You are doing something wrong. You can use Auth0 with no problems - Auth0 will be used for all the providers, and their client SDKs will allow you to choose Facebook, Google, Username/Password or anything else you need.
The mechanism for the process is as documented - I think you just need to re-read the blog post and understand the transaction - you use the Auth0 libraries to get the Auth0 token, then submit your Auth0 token to your custom login API (/.auth/login/custom) to mint an App Service token that is used by the Azure Mobile Apps client SDK.

What is the difference between passport-azure-ad vs passport-azure-ad-oauth2

We have an application that is developed using the MEAN stack, and we are planning to use Azure AD for authentication.
Client Side
In Angular the client side resources are protected using the adal JS library based on the article here
Server Side Node Web API
To protect the server side web API I was following the article here, which uses the passport-azure-ad node module. However, on the passportjs web site I came across one more node module, passport-azure-ad-oauth2
So the question is what's the difference between passport-azure-ad vs passport-azure-ad-oauth2
I'm the maintainer of passport-azure-ad. Passport-azure-ad comes from Microsoft and was built to support not just OAuth2 but also scenarios in preview such as B2C and B2B and soon our converged endpoint that we announced at BUILD 2016.
passport-azure-ad-oauth2 is from the Auth0 team, not affiliated with Microsoft, but they are a perfectly good team with good documentation as well. I don't know their level of support for the other scenarios above.
Azure Active Directory is an open platform and strives to use open standards like OAuth2 and Open ID Connect so that developers have this kind of choice.
So, you are free to use whatever library you'd like, but of course from my perspective I'd advocate using the Microsoft OSS libraries on GitHub where they exist, like passport-azure-ad.
Does that help? Feel free to let me know if you run into any problems with passport-azure-ad if you continue down that route.

Create system oauth for API based on my service

I would like to develop a system that can help any developer create an application based on my API.
My problem is authentication.
I have seen (for example) how Google works with its services; I would like to create a (private) OAuth system like Google's (in concept), so that a developer, after signing up on my portal, gets an APP ID and APP SECRET.
Once developers create these credentials themselves, they can use them to call the API over HTTPS.
My API is developed with Node.js and Express.
I am asking which approach is the most stable for creating a robust system for this scenario.
Thanks for any support. Any ideas are appreciated.
You can try http://passportjs.org/, it can work as a middleware with express.

Azure API Apps - SPA login with authentication

I've been searching high and low for an example of using an Azure API App with authentication with a javascript client. Specifically I am interested in how something like an Angularjs app can authenticate with an Azure API app.
The closest I've got is this example http://azure.microsoft.com/en-us/documentation/articles/app-service-api-javascript-client/
but unfortunately this does not use authentication.
Given many users will be using SPA applications with Azure API Apps I would think there will be a lot of demand for this.
Does anyone have any pointers?
http://azure.microsoft.com/en-us/documentation/articles/app-service-api-dotnet-consume/#authenticated-call-from-a-windows-desktop-application shows how to authenticate for scenarios where we don't yet have an SDK. You should be able to follow the same steps from a JavaScript client. Hope that helps!
Thanks,
Mohit

Best ADFS protocol support for node js

I am completely new to ADFS. I need to access the ADFS server through node.js. I am searching for good reference notes, with implementation. Please also suggest which protocol is best for requesting. Video tutorials are also helpful.
I assume what you want is to authenticate users in AD (via ADFS), for your nodejs based web app. I'd recommend looking first at passport.js.
ADFS supports 2 protocols for web sites: WS-Federation or SAML-P. WS-Fed might be simpler. We open sourced the strategy for WS-Fed and SAML that we use in our product. A strategy is essentially a plug-in for passport.
That strategy should give you a good start.
ADFS v3.0 exposes OAuth2.
You could use Passport.js with OAuth support or Kong with OAuth support.
You could go the ADFS 2016 OpenId Connect route for ease of implementation (passport.js, only a feature request for kong).
If you're going the Azure route, there's one (passport-azure-ad by the Windows Azure team) specifically for that.
It includes OpenID Connect, WS-Federation, and SAML-P authentication and authorization.
Otherwise, versions disallowing etc., I recommend Eugenio Pace's answer.
Then, check these, is a complete solution (not a video tut)
Using Active Directory Federation Services to Authenticate / Authorize Node.js Apps in Windows Azure
http://seroter.wordpress.com/2013/04/22/using-active-directory-federation-services-to-authenticate-authorize-node-js-apps-in-windows-azure/
pretty fresh tut. (2013/04/22)
