commit
6bb353de89
@ -0,0 +1,9 @@
|
||||
# Microsoft Open Source Code of Conduct
|
||||
|
||||
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
|
||||
|
||||
Resources:
|
||||
|
||||
- [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/)
|
||||
- [Microsoft Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/)
|
||||
- Contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with questions or concerns
|
@ -0,0 +1,33 @@
|
||||
<!--
|
||||
IF SUFFICIENT INFORMATION IS NOT PROVIDED VIA THE FOLLOWING TEMPLATE THE ISSUE MIGHT BE CLOSED WITHOUT FURTHER CONSIDERATION OR INVESTIGATION
|
||||
-->
|
||||
> Please provide us with the following information:
|
||||
> ---------------------------------------------------------------
|
||||
|
||||
### This issue is for a: (mark with an `x`)
|
||||
```
|
||||
- [ ] bug report -> please search issues before submitting
|
||||
- [ ] feature request
|
||||
- [ ] documentation issue or request
|
||||
- [ ] regression (a behavior that used to work and stopped in a new release)
|
||||
```
|
||||
|
||||
### Minimal steps to reproduce
|
||||
>
|
||||
|
||||
### Any log messages given by the failure
|
||||
>
|
||||
|
||||
### Expected/desired behavior
|
||||
>
|
||||
|
||||
### OS and Version?
|
||||
> Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)
|
||||
|
||||
### Versions
|
||||
>
|
||||
|
||||
### Mention any other details that might be useful
|
||||
|
||||
> ---------------------------------------------------------------
|
||||
> Thanks! We'll be in touch soon.
|
@ -0,0 +1,45 @@
|
||||
## Purpose
|
||||
<!-- Describe the intention of the changes being proposed. What problem does it solve or functionality does it add? -->
|
||||
* ...
|
||||
|
||||
## Does this introduce a breaking change?
|
||||
<!-- Mark one with an "x". -->
|
||||
```
|
||||
[ ] Yes
|
||||
[ ] No
|
||||
```
|
||||
|
||||
## Pull Request Type
|
||||
What kind of change does this Pull Request introduce?
|
||||
|
||||
<!-- Please check the one that applies to this PR using "x". -->
|
||||
```
|
||||
[ ] Bugfix
|
||||
[ ] Feature
|
||||
[ ] Code style update (formatting, local variables)
|
||||
[ ] Refactoring (no functional changes, no api changes)
|
||||
[ ] Documentation content changes
|
||||
[ ] Other... Please describe:
|
||||
```
|
||||
|
||||
## How to Test
|
||||
* Get the code
|
||||
|
||||
```
|
||||
git clone [repo-address]
|
||||
cd [repo-name]
|
||||
git checkout [branch-name]
|
||||
npm install
|
||||
```
|
||||
|
||||
* Test the code
|
||||
<!-- Add steps to run the tests suite and/or manually test -->
|
||||
```
|
||||
```
|
||||
|
||||
## What to Check
|
||||
Verify that the following are valid
|
||||
* ...
|
||||
|
||||
## Other Information
|
||||
<!-- Add any other helpful information that may be needed here. -->
|
@ -0,0 +1,121 @@
|
||||
# ---> Node
|
||||
# Logs
|
||||
logs
|
||||
*.log
|
||||
npm-debug.log*
|
||||
yarn-debug.log*
|
||||
yarn-error.log*
|
||||
lerna-debug.log*
|
||||
|
||||
# Diagnostic reports (https://nodejs.org/api/report.html)
|
||||
report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
|
||||
|
||||
# Runtime data
|
||||
pids
|
||||
*.pid
|
||||
*.seed
|
||||
*.pid.lock
|
||||
|
||||
# Directory for instrumented libs generated by jscoverage/JSCover
|
||||
lib-cov
|
||||
|
||||
# Coverage directory used by tools like istanbul
|
||||
coverage
|
||||
*.lcov
|
||||
|
||||
# nyc test coverage
|
||||
.nyc_output
|
||||
|
||||
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
|
||||
.grunt
|
||||
|
||||
# Bower dependency directory (https://bower.io/)
|
||||
bower_components
|
||||
|
||||
# node-waf configuration
|
||||
.lock-wscript
|
||||
|
||||
# Compiled binary addons (https://nodejs.org/api/addons.html)
|
||||
build/Release
|
||||
|
||||
# Dependency directories
|
||||
node_modules/
|
||||
jspm_packages/
|
||||
|
||||
# Snowpack dependency directory (https://snowpack.dev/)
|
||||
web_modules/
|
||||
|
||||
# TypeScript cache
|
||||
*.tsbuildinfo
|
||||
|
||||
# Optional npm cache directory
|
||||
.npm
|
||||
|
||||
# Optional eslint cache
|
||||
.eslintcache
|
||||
|
||||
# Microbundle cache
|
||||
.rpt2_cache/
|
||||
.rts2_cache_cjs/
|
||||
.rts2_cache_es/
|
||||
.rts2_cache_umd/
|
||||
|
||||
# Optional REPL history
|
||||
.node_repl_history
|
||||
|
||||
# Output of 'npm pack'
|
||||
*.tgz
|
||||
|
||||
# Yarn Integrity file
|
||||
.yarn-integrity
|
||||
|
||||
# dotenv environment variables file
|
||||
.env
|
||||
.env.test
|
||||
|
||||
# parcel-bundler cache (https://parceljs.org/)
|
||||
.cache
|
||||
.parcel-cache
|
||||
|
||||
# Next.js build output
|
||||
.next
|
||||
out
|
||||
|
||||
# Nuxt.js build / generate output
|
||||
.nuxt
|
||||
dist
|
||||
|
||||
# Gatsby files
|
||||
.cache/
|
||||
# Comment in the public line in if your project uses Gatsby and not Next.js
|
||||
# https://nextjs.org/blog/next-9-1#public-directory-support
|
||||
# public
|
||||
|
||||
# vuepress build output
|
||||
.vuepress/dist
|
||||
|
||||
# Serverless directories
|
||||
.serverless/
|
||||
|
||||
# FuseBox cache
|
||||
.fusebox/
|
||||
|
||||
# DynamoDB Local files
|
||||
.dynamodb/
|
||||
|
||||
# TernJS port file
|
||||
.tern-port
|
||||
|
||||
# Stores VSCode versions used for testing VSCode extensions
|
||||
.vscode-test
|
||||
|
||||
# yarn v2
|
||||
.yarn/cache
|
||||
.yarn/unplugged
|
||||
.yarn/build-state.yml
|
||||
.yarn/install-state.gz
|
||||
.pnp.*
|
||||
|
||||
|
||||
|
||||
config.js
|
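Review bot: The list ends with `config.js`, yet nothing in this commit reads or writes a config.js; Configure.ps1 in the same commit writes the generated client secret into `..\index.js` (`"Enter_the_Client_Secret_Here" = $webAppAppKey` on the line that builds `$dictionary`), and `index.js` is the app's source, so it is not ignored and cannot sensibly be. The secret therefore lands in a tracked file and will travel with any commit or zip of the configured sample. `.env` is already ignored higher up in this file, so the cleaner fix is for the registration script (and the README's manual steps) to place the secret in `.env` or in the `config.js` this entry already anticipates, and have index.js read it from there; at minimum the Configure.ps1 hunk should print a warning that index.js now contains a secret that must not be committed.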
@ -0,0 +1,80 @@
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
[PSCredential] $Credential,
|
||||
[Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
|
||||
[string] $tenantId,
|
||||
[Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')]
|
||||
[string] $azureEnvironmentName
|
||||
)
|
||||
|
||||
#Requires -Modules AzureAD -RunAsAdministrator
|
||||
|
||||
|
||||
if ($null -eq (Get-Module -ListAvailable -Name "AzureAD")) {
|
||||
Install-Module "AzureAD" -Scope CurrentUser
|
||||
}
|
||||
Import-Module AzureAD
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
Function Cleanup
|
||||
{
|
||||
if (!$azureEnvironmentName)
|
||||
{
|
||||
$azureEnvironmentName = "AzureCloud"
|
||||
}
|
||||
|
||||
<#
|
||||
.Description
|
||||
This function removes the Azure AD applications for the sample. These applications were created by the Configure.ps1 script
|
||||
#>
|
||||
|
||||
# $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
|
||||
# into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
|
||||
|
||||
# Login to Azure PowerShell (interactive if credentials are not already provided:
|
||||
# you'll need to sign-in with creds enabling your to create apps in the tenant)
|
||||
if (!$Credential -and $TenantId)
|
||||
{
|
||||
$creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!$TenantId)
|
||||
{
|
||||
$creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
|
||||
}
|
||||
else
|
||||
{
|
||||
$creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
|
||||
}
|
||||
}
|
||||
|
||||
if (!$tenantId)
|
||||
{
|
||||
$tenantId = $creds.Tenant.Id
|
||||
}
|
||||
$tenant = Get-AzureADTenantDetail
|
||||
$tenantName = ($tenant.VerifiedDomains | Where-Object { $_._Default -eq $True }).Name
|
||||
|
||||
# Removes the applications
|
||||
Write-Host "Cleaning-up applications from tenant '$tenantName'"
|
||||
|
||||
Write-Host "Removing 'webApp' (ms-identity-node) if needed"
|
||||
Get-AzureADApplication -Filter "DisplayName eq 'ms-identity-node'" | ForEach-Object {Remove-AzureADApplication -ObjectId $_.ObjectId }
|
||||
$apps = Get-AzureADApplication -Filter "DisplayName eq 'ms-identity-node'"
|
||||
if ($apps)
|
||||
{
|
||||
Remove-AzureADApplication -ObjectId $apps.ObjectId
|
||||
}
|
||||
|
||||
foreach ($app in $apps)
|
||||
{
|
||||
Remove-AzureADApplication -ObjectId $app.ObjectId
|
||||
Write-Host "Removed ms-identity-node.."
|
||||
}
|
||||
# also remove service principals of this app
|
||||
Get-AzureADServicePrincipal -filter "DisplayName eq 'ms-identity-node'" | ForEach-Object {Remove-AzureADServicePrincipal -ObjectId $_.Id -Confirm:$false}
|
||||
|
||||
}
|
||||
|
||||
Cleanup -Credential $Credential -tenantId $TenantId
|
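Review bot: The application is removed three times over the same filter — the pipeline `Get-AzureADApplication -Filter ... | ForEach-Object {Remove-AzureADApplication ...}`, then `Remove-AzureADApplication -ObjectId $apps.ObjectId` under `if ($apps)`, then the `foreach ($app in $apps)` loop — so once the pipeline has run, `$apps` is empty, the later two are dead, and the `Write-Host "Removed ms-identity-node.."` message never fires. Matching on `DisplayName eq 'ms-identity-node'` alone deletes any application in the tenant that happens to carry that name, not only the one Configure.ps1 created; the identifier URI Configure.ps1 sets (`https://$tenantName/ms-identity-node`) or the AppId recorded in createdApps.html would narrow that, but since the README's manual registration sets no identifier URI, the deletion should at least log each ObjectId it removes so the operator can see what was touched. The service-principal removal passes `$_.Id` while the application removal above uses `$_.ObjectId`; unless the service principal object exposes `Id` here, that presumably should also be `-ObjectId $_.ObjectId`. I would collapse the three removals into one logged loop, as below.
```powershell
Write-Host "Removing 'webApp' (ms-identity-node) if needed"
$apps = Get-AzureADApplication -Filter "DisplayName eq 'ms-identity-node'"
foreach ($app in $apps)
{
    Remove-AzureADApplication -ObjectId $app.ObjectId
    Write-Host "Removed application '$($app.DisplayName)' (ObjectId $($app.ObjectId), AppId $($app.AppId))"
}
# also remove service principals of this app
Get-AzureADServicePrincipal -Filter "DisplayName eq 'ms-identity-node'" | ForEach-Object {
    Remove-AzureADServicePrincipal -ObjectId $_.ObjectId -Confirm:$false
    Write-Host "Removed service principal (ObjectId $($_.ObjectId))"
}
```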
@ -0,0 +1,187 @@
|
||||
[CmdletBinding()]
|
||||
param(
|
||||
[PSCredential] $Credential,
|
||||
[Parameter(Mandatory=$False, HelpMessage='Tenant ID (This is a GUID which represents the "Directory ID" of the AzureAD tenant into which you want to create the apps')]
|
||||
[string] $tenantId,
|
||||
[Parameter(Mandatory=$False, HelpMessage='Azure environment to use while running the script (it defaults to AzureCloud)')]
|
||||
[string] $azureEnvironmentName
|
||||
)
|
||||
|
||||
#Requires -Modules AzureAD -RunAsAdministrator
|
||||
|
||||
<#
|
||||
This script creates the Azure AD applications needed for this sample and updates the configuration files
|
||||
for the visual Studio projects from the data in the Azure AD applications.
|
||||
|
||||
Before running this script you need to install the AzureAD cmdlets as an administrator.
|
||||
For this:
|
||||
1) Run Powershell as an administrator
|
||||
2) in the PowerShell window, type: Install-Module AzureAD
|
||||
|
||||
There are four ways to run this script. For more information, read the AppCreationScripts.md file in the same folder as this script.
|
||||
#>
|
||||
|
||||
# Create a password that can be used as an application key
|
||||
Function ComputePassword
|
||||
{
|
||||
$aesManaged = New-Object "System.Security.Cryptography.AesManaged"
|
||||
$aesManaged.Mode = [System.Security.Cryptography.CipherMode]::CBC
|
||||
$aesManaged.Padding = [System.Security.Cryptography.PaddingMode]::Zeros
|
||||
$aesManaged.BlockSize = 128
|
||||
$aesManaged.KeySize = 256
|
||||
$aesManaged.GenerateKey()
|
||||
return [System.Convert]::ToBase64String($aesManaged.Key)
|
||||
}
|
||||
|
||||
# Create an application key
|
||||
# See https://www.sabin.io/blog/adding-an-azure-active-directory-application-and-key-using-powershell/
|
||||
Function CreateAppKey([DateTime] $fromDate, [double] $durationInYears, [string]$pw)
|
||||
{
|
||||
$endDate = $fromDate.AddYears($durationInYears)
|
||||
$keyId = (New-Guid).ToString();
|
||||
$key = New-Object Microsoft.Open.AzureAD.Model.PasswordCredential
|
||||
$key.StartDate = $fromDate
|
||||
$key.EndDate = $endDate
|
||||
$key.Value = $pw
|
||||
$key.KeyId = $keyId
|
||||
return $key
|
||||
}
|
||||
|
||||
Function ReplaceInLine([string] $line, [string] $key, [string] $value)
|
||||
{
|
||||
$index = $line.IndexOf($key)
|
||||
if ($index -ige 0)
|
||||
{
|
||||
$index2 = $index+$key.Length
|
||||
$line = $line.Substring(0, $index) + $value + $line.Substring($index2)
|
||||
}
|
||||
return $line
|
||||
}
|
||||
|
||||
Function ReplaceInTextFile([string] $configFilePath, [System.Collections.HashTable] $dictionary)
|
||||
{
|
||||
$lines = Get-Content $configFilePath
|
||||
$index = 0
|
||||
while($index -lt $lines.Length)
|
||||
{
|
||||
$line = $lines[$index]
|
||||
foreach($key in $dictionary.Keys)
|
||||
{
|
||||
if ($line.Contains($key))
|
||||
{
|
||||
$lines[$index] = ReplaceInLine $line $key $dictionary[$key]
|
||||
}
|
||||
}
|
||||
$index++
|
||||
}
|
||||
|
||||
Set-Content -Path $configFilePath -Value $lines -Force
|
||||
}
|
||||
|
||||
Set-Content -Value "<html><body><table>" -Path createdApps.html
|
||||
Add-Content -Value "<thead><tr><th>Application</th><th>AppId</th><th>Url in the Azure portal</th></tr></thead><tbody>" -Path createdApps.html
|
||||
|
||||
$ErrorActionPreference = "Stop"
|
||||
|
||||
Function ConfigureApplications
|
||||
{
|
||||
<#.Description
|
||||
This function creates the Azure AD applications for the sample in the provided Azure AD tenant and updates the
|
||||
configuration files in the client and service project of the visual studio solution (App.Config and Web.Config)
|
||||
so that they are consistent with the Applications parameters
|
||||
#>
|
||||
$commonendpoint = "common"
|
||||
|
||||
if (!$azureEnvironmentName)
|
||||
{
|
||||
$azureEnvironmentName = "AzureCloud"
|
||||
}
|
||||
|
||||
# $tenantId is the Active Directory Tenant. This is a GUID which represents the "Directory ID" of the AzureAD tenant
|
||||
# into which you want to create the apps. Look it up in the Azure portal in the "Properties" of the Azure AD.
|
||||
|
||||
# Login to Azure PowerShell (interactive if credentials are not already provided:
|
||||
# you'll need to sign-in with creds enabling your to create apps in the tenant)
|
||||
if (!$Credential -and $TenantId)
|
||||
{
|
||||
$creds = Connect-AzureAD -TenantId $tenantId -AzureEnvironmentName $azureEnvironmentName
|
||||
}
|
||||
else
|
||||
{
|
||||
if (!$TenantId)
|
||||
{
|
||||
$creds = Connect-AzureAD -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
|
||||
}
|
||||
else
|
||||
{
|
||||
$creds = Connect-AzureAD -TenantId $tenantId -Credential $Credential -AzureEnvironmentName $azureEnvironmentName
|
||||
}
|
||||
}
|
||||
|
||||
if (!$tenantId)
|
||||
{
|
||||
$tenantId = $creds.Tenant.Id
|
||||
}
|
||||
|
||||
|
||||
|
||||
$tenant = Get-AzureADTenantDetail
|
||||
$tenantName = ($tenant.VerifiedDomains | Where { $_._Default -eq $True }).Name
|
||||
|
||||
# Get the user running the script to add the user as the app owner
|
||||
$user = Get-AzureADUser -ObjectId $creds.Account.Id
|
||||
|
||||
# Create the webApp AAD application
|
||||
Write-Host "Creating the AAD application (ms-identity-node)"
|
||||
# Get a 2 years application key for the webApp Application
|
||||
$pw = ComputePassword
|
||||
$fromDate = [DateTime]::Now;
|
||||
$key = CreateAppKey -fromDate $fromDate -durationInYears 2 -pw $pw
|
||||
$webAppAppKey = $pw
|
||||
# create the application
|
||||
$webAppAadApplication = New-AzureADApplication -DisplayName "ms-identity-node" `
|
||||
-HomePage "http://localhost:3000" `
|
||||
-ReplyUrls "http://localhost:3000/redirect" `
|
||||
-IdentifierUris "https://$tenantName/ms-identity-node" `
|
||||
-PasswordCredentials $key `
|
||||
-PublicClient $False
|
||||
|
||||
# create the service principal of the newly created application
|
||||
$currentAppId = $webAppAadApplication.AppId
|
||||
$webAppServicePrincipal = New-AzureADServicePrincipal -AppId $currentAppId -Tags {WindowsAzureActiveDirectoryIntegratedApp}
|
||||
|
||||
# add the user running the script as an app owner if needed
|
||||
$owner = Get-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId
|
||||
if ($owner -eq $null)
|
||||
{
|
||||
Add-AzureADApplicationOwner -ObjectId $webAppAadApplication.ObjectId -RefObjectId $user.ObjectId
|
||||
Write-Host "'$($user.UserPrincipalName)' added as an application owner to app '$($webAppServicePrincipal.DisplayName)'"
|
||||
}
|
||||
|
||||
|
||||
Write-Host "Done creating the webApp application (ms-identity-node)"
|
||||
|
||||
# URL of the AAD application in the Azure portal
|
||||
# Future? $webAppPortalUrl = "https://portal.azure.com/#@"+$tenantName+"/blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/Overview/appId/"+$webAppAadApplication.AppId+"/objectId/"+$webAppAadApplication.ObjectId+"/isMSAApp/"
|
||||
$webAppPortalUrl = "https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationMenuBlade/CallAnAPI/appId/"+$webAppAadApplication.AppId+"/objectId/"+$webAppAadApplication.ObjectId+"/isMSAApp/"
|
||||
Add-Content -Value "<tr><td>webApp</td><td>$currentAppId</td><td><a href='$webAppPortalUrl'>ms-identity-node</a></td></tr>" -Path createdApps.html
|
||||
|
||||
|
||||
# Update config file for 'webApp'
|
||||
$configFile = $pwd.Path + "\..\index.js"
|
||||
Write-Host "Updating the sample code ($configFile)"
|
||||
$dictionary = @{ "Enter_the_Application_Id_Here" = $webAppAadApplication.AppId;"Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here" = 'https://login.microsoftonline.com/common';"Enter_the_Client_Secret_Here" = $webAppAppKey };
|
||||
ReplaceInTextFile -configFilePath $configFile -dictionary $dictionary
|
||||
|
||||
Add-Content -Value "</tbody></table></body></html>" -Path createdApps.html
|
||||
}
|
||||
|
||||
# Pre-requisites
|
||||
if ((Get-Module -ListAvailable -Name "AzureAD") -eq $null) {
|
||||
Install-Module "AzureAD" -Scope CurrentUser
|
||||
}
|
||||
|
||||
Import-Module AzureAD
|
||||
|
||||
# Run interactively (will ask you for the tenant ID)
|
||||
ConfigureApplications -Credential $Credential -tenantId $TenantId
|
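Review bot: `ReplaceInTextFile` misbehaves on a one-line file: `Get-Content` then returns a single string, so `$lines.Length` is the character count and `$lines[$index]` indexes characters; wrapping the read as `$lines = @(Get-Content $configFilePath)` fixes that. Two limits of the helper are worth a comment on the function: `ReplaceInLine` replaces only the first occurrence of a key on a line, and `Set-Content` rewrites the file with the shell's default encoding rather than the original one, which is acceptable for the sample's `index.js` but would surprise a reader reusing the helper. As a style point, `if ($owner -eq $null)` is better written `if ($null -eq $owner)`, since with a collection on the left `-eq $null` filters rather than compares (it happens to work here because the filtered result is empty and therefore falsy). In `ComputePassword` the `Mode`, `Padding` and `BlockSize` assignments have no effect because only `GenerateKey()` is used; a comment such as `# Only the 256-bit key generated by the CSPRNG is used; it is returned base64-encoded as the client secret` would stop readers from looking for a cipher operation that is not there.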
@ -0,0 +1,224 @@
|
||||
---
|
||||
page_type: sample
|
||||
languages:
|
||||
- csharp
|
||||
- javascript
|
||||
- typescript
|
||||
- python
|
||||
- java
|
||||
products:
|
||||
- node.js
|
||||
- dotnet
|
||||
- aspnet
|
||||
- aspnet-core
|
||||
- dotnet-core
|
||||
- ms-graph
|
||||
- azure-app-service
|
||||
- azure-storage
|
||||
- azure-active-directory
|
||||
- azure-active-directory-b2c
|
||||
name: A Node.js & Express web app authenticating users against Azure AD with MSAL Node
|
||||
urlFragment: ms-identity-javascript-nodejs-tutorial
|
||||
description: "This sample demonstrates a Node.js & Express web app that authenticates users against Azure AD"
|
||||
azureDeploy: <ENTER_FULLY_QUALIFIED_URL_TO_AN_AZURE_RESOURCE_MANAGER>
|
||||
extendedZipContent: <FILES_OR_FOLDERS_WITH_TWO_ABSOLUTE_PATHS_TO_INCLUDE_WITH_ZIP:PATH(NAME_IN_THE_REPO), TARGET(NAME_IN_THE_ZIP)>
|
||||
extensions: <ENTER_CONTENT_THAT_OTHER_TEAMS_CAN_USE_TO_IDENTIFY_SAMPLES>
|
||||
---
|
||||
# A Node.js & Express web app authenticating users against Azure AD with MSAL Node
|
||||
|
||||
1. [Overview](#overview)
|
||||
1. [Scenario](#scenario)
|
||||
1. [Contents](#contents)
|
||||
1. [Prerequisites](#prerequisites)
|
||||
1. [Setup](#setup)
|
||||
1. [Registration](#registration)
|
||||
1. [Running the sample](#running-the-sample)
|
||||
1. [Explore the sample](#explore-the-sample)
|
||||
1. [About the code](#about-the-code)
|
||||
1. [Deployment](#deployment)
|
||||
1. [More information](#more-information)
|
||||
1. [Community Help and Support](#community-help-and-support)
|
||||
1. [Contributing](#contributing)
|
||||
|
||||
![Build badge](https://identitydivision.visualstudio.com/_apis/public/build/definitions/a7934fdd-dcde-4492-a406-7fad6ac00e17/<BuildNumber>/badge)
|
||||
|
||||
## Overview
|
||||
|
||||
This sample demonstrates a Node.js & Express web app that authenticates users against Azure AD.
|
||||
|
||||
## Scenario
|
||||
|
||||
1. The client Node.js & Express web app uses the Microsoft Authentication Library (MSAL) to obtain an ID Token from **Azure AD**.
|
||||
2. The **ID Token** proves that the user has successfully authenticated against **Azure AD**.
|
||||
|
||||
![Overview](./ReadmeFiles/topology.png)
|
||||
|
||||
## Contents
|
||||
|
||||
> Give a high-level folder structure of the sample.
|
||||
|
||||
| File/folder | Description |
|
||||
|-------------------|--------------------------------------------|
|
||||
| `CHANGELOG.md` | List of changes to the sample. |
|
||||
| `CONTRIBUTING.md` | Guidelines for contributing to the sample. |
|
||||
| `LICENSE` | The license for the sample. |
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- An **Azure AD** tenant. For more information see: [How to get an Azure AD tenant](https://docs.microsoft.com/azure/active-directory/develop/quickstart-create-new-tenant)
|
||||
- A user account in your **Azure AD** tenant. This sample will not work with a **personal Microsoft account**. Therefore, if you signed in to the [Azure portal](https://portal.azure.com) with a personal account and have never created a user account in your directory before, you need to do that now.
|
||||
|
||||
## Setup
|
||||
|
||||
### Step 1: Clone or download this repository
|
||||
|
||||
From your shell or command line:
|
||||
|
||||
```console
|
||||
git clone https://github.com/Azure-Samples/ms-identity-javascript-nodejs-tutorial.git
|
||||
```
|
||||
|
||||
or download and extract the repository .zip file.
|
||||
|
||||
> :warning: To avoid path length limitations on Windows, we recommend cloning into a directory near the root of your drive.
|
||||
|
||||
### Register the sample application(s) with your Azure Active Directory tenant
|
||||
|
||||
There is one project in this sample. To register it, you can:
|
||||
|
||||
- follow the steps below for manually register your apps
|
||||
- or use PowerShell scripts that:
|
||||
- **automatically** creates the Azure AD applications and related objects (passwords, permissions, dependencies) for you.
|
||||
- modify the projects' configuration files.
|
||||
|
||||
<details>
|
||||
<summary>Expand this section if you want to use this automation:</summary>
|
||||
|
||||
> :warning: If you have never used **Azure AD Powershell** before, we recommend you go through the [App Creation Scripts](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step.
|
||||
|
||||
1. On Windows, run PowerShell as **Administrator** and navigate to the root of the cloned directory
|
||||
1. If you have never used Azure AD Powershell before, we recommend you go through the [App Creation Scripts](./AppCreationScripts/AppCreationScripts.md) once to ensure that your environment is prepared correctly for this step.
|
||||
1. In PowerShell run:
|
||||
|
||||
```PowerShell
|
||||
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force
|
||||
```
|
||||
|
||||
1. Run the script to create your Azure AD application and configure the code of the sample application accordingly.
|
||||
1. In PowerShell run:
|
||||
|
||||
```PowerShell
|
||||
cd .\AppCreationScripts\
|
||||
.\Configure.ps1
|
||||
```
|
||||
|
||||
> Other ways of running the scripts are described in [App Creation Scripts](./AppCreationScripts/AppCreationScripts.md)
|
||||
> The scripts also provide a guide to automated application registration, configuration and removal which can help in your CI/CD scenarios.
|
||||
|
||||
</details>
|
||||
|
||||
### Choose the Azure AD tenant where you want to create your applications
|
||||
|
||||
As a first step you'll need to:
|
||||
|
||||
1. Sign in to the [Azure portal](https://portal.azure.com).
|
||||
1. If your account is present in more than one Azure AD tenant, select your profile at the top right corner in the menu on top of the page, and then **switch directory** to change your portal session to the desired Azure AD tenant.
|
||||
|
||||
### Register the webApp app (ms-identity-node)
|
||||
|
||||
1. Navigate to the [Azure portal](https://portal.azure.com) and select the **Azure AD** service.
|
||||
1. Select the **App Registrations** blade on the left, then select **New registration**.
|
||||
1. In the **Register an application page** that appears, enter your application's registration information:
|
||||
- In the **Name** section, enter a meaningful application name that will be displayed to users of the app, for example `ms-identity-node`.
|
||||
- Under **Supported account types**, select **Accounts in this organizational directory only**.
|
||||
- In the **Redirect URI (optional)** section, select **Web** in the combo-box and enter the following redirect URI: `http://localhost:3000/redirect`.
|
||||
1. Select **Register** to create the application.
|
||||
1. In the app's registration screen, find and note the **Application (client) ID**. You use this value in your app's configuration file(s) later in your code.
|
||||
1. Select **Save** to save your changes.
|
||||
1. In the app's registration screen, select the **Certificates & secrets** blade in the left to open the page where we can generate secrets and upload certificates.
|
||||
1. In the **Client secrets** section, select **New client secret**:
|
||||
- Type a key description (for instance `app secret`),
|
||||
- Select one of the available key durations (**In 1 year**, **In 2 years**, or **Never Expires**) as per your security posture.
|
||||
- The generated key value will be displayed when you select the **Add** button. Copy the generated value for use in the steps later.
|
||||
- You'll need this key later in your code's configuration files. This key value will not be displayed again, and is not retrievable by any other means, so make sure to note it from the Azure portal before navigating to any other screen or blade.
|
||||
|
||||
#### Configure the webApp app (ms-identity-node) to use your app registration
|
||||
|
||||
Open the project in your IDE (like Visual Studio or Visual Studio Code) to configure the code.
|
||||
|
||||
> In the steps below, "ClientID" is the same as "Application ID" or "AppId".
|
||||
|
||||
1. Open the `index.js` file.
|
||||
1. Find the key `Enter_the_Application_Id_Here` and replace the existing value with the application ID (clientId) of `ms-identity-node` app copied from the Azure portal.
|
||||
1. Find the key `Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here` and replace the existing value with 'https://login.microsoftonline.com/common'.
|
||||
1. Find the key `Enter_the_Client_Secret_Here` and replace the existing value with the key you saved during the creation of `ms-identity-node` copied from the Azure portal.
|
||||
|
||||
## Running the sample
|
||||
|
||||
## Explore the sample
|
||||
|
||||
> Explain how to explore the sample.
|
||||
> Insert a screenshot of the client application.
|
||||
|
||||
> :information_source: Did the sample not work for you as expected? Then please reach out to us using the [GitHub Issues](../../../issues) page.
|
||||
|
||||
## We'd love your feedback!
|
||||
|
||||
Were we successful in addressing your learning objective? Consider taking a moment to [share your experience with us](Enter_Survey_Form_Link).
|
||||
|
||||
## About the code
|
||||
|
||||
> - Describe where the code uses auth libraries, or calls the graph
|
||||
> - Describe specific aspects (e.g. caching, validation etc.)
|
||||
|
||||
## Deployment
|
||||
|
||||
|
||||
### Deploying web app to Azure App Services
|
||||
|
||||
There is one web app in this sample. To deploy it to **Azure App Services**, you'll need to:
|
||||
|
||||
- create an **Azure App Service**
|
||||
- publish the projects to the **App Services**, and
|
||||
- update its client(s) to call the website instead of the local environment.
|
||||
#### Update the Azure AD app registration (ms-identity-node)
|
||||
|
||||
1. Navigate back to to the [Azure portal](https://portal.azure.com).
|
||||
In the left-hand navigation pane, select the **Azure Active Directory** service, and then select **App registrations (Preview)**.
|
||||
1. In the resulting screen, select the `ms-identity-node` application.
|
||||
1. In the app's registration screen, select **Authentication** in the menu.
|
||||
- In the **Redirect URIs** section, update the reply URLs to match the site URL of your Azure deployment. For example:
|
||||
- `https://ms-identity-node.azurewebsites.net/redirect`
|
||||
|
||||
> :warning: If your app is using an *in-memory* storage, **Azure App Services** will spin down your web site if it is inactive, and any records that your app was keeping will emptied. In addition, if you increase the instance count of your website, requests will be distributed among the instances. Your app's records, therefore, will not be the same on each instance.
|
||||
|
||||
|
||||
## More information
|
||||
|
||||
- [Microsoft identity platform (Azure Active Directory for developers)](https://docs.microsoft.com/azure/active-directory/develop/)
|
||||
- [Overview of Microsoft Authentication Library (MSAL)](https://docs.microsoft.com/azure/active-directory/develop/msal-overview)
|
||||
- [Quickstart: Register an application with the Microsoft identity platform (Preview)](https://docs.microsoft.com/azure/active-directory/develop/quickstart-register-app)
|
||||
- [Quickstart: Configure a client application to access web APIs (Preview)](https://docs.microsoft.com/azure/active-directory/develop/quickstart-configure-app-access-web-apis)
|
||||
- [Understanding Azure AD application consent experiences](https://docs.microsoft.com/azure/active-directory/develop/application-consent-experience)
|
||||
- [Understand user and admin consent](https://docs.microsoft.com/azure/active-directory/develop/howto-convert-app-to-be-multi-tenant#understand-user-and-admin-consent)
|
||||
- [Application and service principal objects in Azure Active Directory](https://docs.microsoft.com/azure/active-directory/develop/app-objects-and-service-principals)
|
||||
- [National Clouds](https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud#app-registration-endpoints)
|
||||
- [MSAL code samples](https://docs.microsoft.com/azure/active-directory/develop/sample-v2-code)
|
||||
|
||||
For more information about how OAuth 2.0 protocols work in this scenario and other scenarios, see [Authentication Scenarios for Azure AD](https://docs.microsoft.com/azure/active-directory/develop/authentication-flows-app-scenarios).
|
||||
|
||||
## Community Help and Support
|
||||
|
||||
Use [Stack Overflow](http://stackoverflow.com/questions/tagged/msal) to get support from the community.
|
||||
Ask your questions on Stack Overflow first and browse existing issues to see if someone has asked your question before.
|
||||
Make sure that your questions or comments are tagged with [`azure-active-directory` `azure-ad-b2c` `ms-identity` `adal` `msal`].
|
||||
|
||||
If you find a bug in the sample, raise the issue on [GitHub Issues](../../../issues).
|
||||
|
||||
To provide feedback on or suggest features for Azure Active Directory, visit [User Voice page](https://feedback.azure.com/forums/169401-azure-active-directory).
|
||||
|
||||
## Contributing
|
||||
|
||||
If you'd like to contribute to this sample, see [CONTRIBUTING.MD](/CONTRIBUTING.md).
|
||||
|
||||
This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
|
@ -0,0 +1,33 @@
|
||||
{
|
||||
"Sample": {
|
||||
"Title": "A Node.js & Express web app authenticating users against Azure AD with MSAL Node",
|
||||
"Level": 100,
|
||||
"Client": "Node.js & Express web app"
|
||||
},
|
||||
"AppRegistrations": [
|
||||
{
|
||||
"x-ms-id": "webApp",
|
||||
"x-ms-name": "ms-identity-node",
|
||||
"x-ms-version": "2.0",
|
||||
"replyUrlsWithType": [
|
||||
{
|
||||
"url": "http://localhost:3000/redirect",
|
||||
"type": "Web"
|
||||
}
|
||||
],
|
||||
"oauth2AllowImplicitFlow": false,
|
||||
"oauth2AllowIdTokenImplicitFlow": false,
|
||||
"codeConfigurations": [
|
||||
{
|
||||
"settingFile": "/index.js",
|
||||
"replaceTokens": {
|
||||
"appId": "Enter_the_Application_Id_Here",
|
||||
"tenantId": "Enter_the_Tenant_Info_Here",
|
||||
"clientSecret": "Enter_the_Client_Secret_Here",
|
||||
"authorityEndpointHost": "Enter_the_Cloud_Instance_Id_Here"
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
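--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,41 @@
+{
+"Sample": {
+"Title": "A Node.js & Express web app authenticating users against Azure AD with MSAL Node",
+"Level": 100,
+"Client": "Node.js & Express web app",
+"RepositoryUrl": "ms-identity-javascript-nodejs-tutorial",
+"Endpoint": "AAD v2.0"
+},
+"AADApps": [
+{
+"Id": "webApp",
+"Name": "ms-identity-node",
+"Kind": "WebApp",
+"Audience": "AzureADMyOrg",
+"HomePage": "http://localhost:3000",
+"ReplyUrls": "http://localhost:3000/redirect",
+"PasswordCredentials": "Auto"
+}
+],
+"CodeConfiguration": [
+{
+"App": "webApp",
+"SettingKind": "Replace",
+"SettingFile": "\\..\\index.js",
+"Mappings": [
+{
+"key": "Enter_the_Application_Id_Here",
+"value": ".AppId"
+},
+{
+"key": "Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here",
+"value": "'https://login.microsoftonline.com/common'"
+},
+{
+"key": "Enter_the_Client_Secret_Here",
+"value": ".AppKey"
+}
+]
+}
+]
+}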
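Review bot: The mapping `"value": "'https://login.microsoftonline.com/common'"` hard-codes the multi-tenant `common` authority while the registration above is `"Audience": "AzureADMyOrg"`, so the authority the sample is configured with is looser than the single-tenant app it registers, and the concatenated key `Enter_the_Cloud_Instance_Id_HereEnter_the_Tenant_Info_Here` means the tenant placeholder is never filled with the actual tenant id. For a single-tenant app the authority should be built from the tenant id so that the library, not only the registration, narrows which issuer is acceptable; presumably the generator exposes the tenant id alongside `.AppId` and `.AppKey`, in which case I would map the tenant placeholder to it and keep the cloud-instance part as the fixed host prefix.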
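--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,13 @@
+## [project-title] Changelog
+
+<a name="x.y.z"></a>
+# x.y.z (yyyy-mm-dd)
+
+*Features*
+* ...
+
+*Bug Fixes*
+* ...
+
+*Breaking Changes*
+* ...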
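--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,76 @@
+# Contributing to [project-title]
+
+This project welcomes contributions and suggestions. Most contributions require you to agree to a
+Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us
+the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.
+
+When you submit a pull request, a CLA bot will automatically determine whether you need to provide
+a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions
+provided by the bot. You will only need to do this once across all repos using our CLA.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
+contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+
+- [Code of Conduct](#coc)
+- [Issues and Bugs](#issue)
+- [Feature Requests](#feature)
+- [Submission Guidelines](#submit)
+
+## <a name="coc"></a> Code of Conduct
+Help us keep this project open and inclusive. Please read and follow our [Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
+
+## <a name="issue"></a> Found an Issue?
+If you find a bug in the source code or a mistake in the documentation, you can help us by
+[submitting an issue](#submit-issue) to the GitHub Repository. Even better, you can
+[submit a Pull Request](#submit-pr) with a fix.
+
+## <a name="feature"></a> Want a Feature?
+You can *request* a new feature by [submitting an issue](#submit-issue) to the GitHub
+Repository. If you would like to *implement* a new feature, please submit an issue with
+a proposal for your work first, to be sure that we can use it.
+
+* **Small Features** can be crafted and directly [submitted as a Pull Request](#submit-pr).
+
+## <a name="submit"></a> Submission Guidelines
+
+### <a name="submit-issue"></a> Submitting an Issue
+Before you submit an issue, search the archive, maybe your question was already answered.
+
+If your issue appears to be a bug, and hasn't been reported, open a new issue.
+Help us to maximize the effort we can spend fixing issues and adding new
+features, by not reporting duplicate issues. Providing the following information will increase the
+chances of your issue being dealt with quickly:
+
+* **Overview of the Issue** - if an error is being thrown a non-minified stack trace helps
+* **Version** - what version is affected (e.g. 0.1.2)
+* **Motivation for or Use Case** - explain what are you trying to do and why the current behavior is a bug for you
+* **Browsers and Operating System** - is this a problem with all browsers?
+* **Reproduce the Error** - provide a live example or a unambiguous set of steps
+* **Related Issues** - has a similar issue been reported before?
+* **Suggest a Fix** - if you can't fix the bug yourself, perhaps you can point to what might be
+causing the problem (line of code or commit)
+
+You can file new issues by providing the above information at the corresponding repository's issues link: https://github.com/[organization-name]/[repository-name]/issues/new].
+
+### <a name="submit-pr"></a> Submitting a Pull Request (PR)
+Before you submit your Pull Request (PR) consider the following guidelines:
+
+* Search the repository (https://github.com/[organization-name]/[repository-name]/pulls) for an open or closed PR
+that relates to your submission. You don't want to duplicate effort.
+
+* Make your changes in a new git fork:
+
+* Commit your changes using a descriptive commit message
+* Push your fork to GitHub:
+* In GitHub, create a pull request
+* If we suggest changes then:
+* Make the required updates.
+* Rebase your fork and force push to your GitHub repository (this will update your Pull Request):
+
+```shell
+git rebase master -i
+git push -f
+```
+
+That's it! Thank you for your contribution!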
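--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,11 @@
+FROM node
+
+ADD ./ /auth
+
+WORKDIR /auth
+
+RUN npm i
+
+EXPOSE 3000
+
+CMD ["npm", "start"]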
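Review bot: `ADD ./ /auth` copies the whole build context into the image, so a local `node_modules`, a `.env`, or an `index.js` already populated with the client secret by the app-creation scripts lands in the image layers (no `.dockerignore` is visible in this commit), and because no `USER` instruction follows, `npm start` runs as root. `COPY` is the conventional instruction when no archive or URL extraction is needed, the floating `node` tag should be pinned to a specific version, and installing from `package*.json` before copying the sources keeps the dependency layer cacheable; if the large suppressed file in this commit is a `package-lock.json`, `npm ci` gives a reproducible install, otherwise keep `npm i`. The official `node` image ships a non-root `node` user to switch to before `CMD`.
```dockerfile
FROM node:<pinned-version>
WORKDIR /auth
COPY package*.json ./
RUN npm ci
COPY --chown=node:node . .
USER node
EXPOSE 3000
CMD ["npm", "start"]
```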
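--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) Microsoft Corporation.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE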
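--- /dev/null
+++ b/PATH_NOT_SHOWN
@@ -0,0 +1,16 @@
+{
+"name": "msal-node-auth-code",
+"version": "1.0.0",
+"description": "sample app for msal-node",
+"main": "index.js",
+"scripts": {
+"start": "node index.js"
+},
+"author": "Microsoft",
+"license": "MIT",
+"dependencies": {
+"@azure/msal-node": "^1.0.0",
+"express": "^4.17.1",
+"uuid": "^8.3.1"
+}
+}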
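Review bot: The manifest has no `"private": true`, so an accidental `npm publish` from the sample directory would push the package to the registry under the name `msal-node-auth-code`, and if the app-creation scripts have already written the client secret into `index.js` that goes with it; adding `"private": true,` next to `"license": "MIT",` makes npm refuse. The caret ranges on `@azure/msal-node`, `express` and `uuid` float across minor versions, so the install is only reproducible when the lockfile (presumably the large suppressed file above) is committed alongside this manifest.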