UNPKG

@bartvanvliet/passport-microsoft

Version:

Microsoft [Graph] authentication strategy for Passport.

github.com/kapulara/passport-microsoft

kapulara/passport-microsoft

120 lines (100 loc) 4.31 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
var express = require('express') , passport = require('passport') , util = require('util') , MicrosoftStrategy = require('passport-microsoft').Strategy; var MICROSOFT_GRAPH_CLIENT_ID = "---your--microsoft--graph--client--id---" var MICROSOFT_GRAPH_CLIENT_SECRET = "---your--microsoft--graph--client--secret--"; // Passport session setup. // To support persistent login sessions, Passport needs to be able to // serialize users into and deserialize users out of the session. Typically, // this will be as simple as storing the user ID when serializing, and finding // the user by ID when deserializing. However, since this example does not // have a database of user records, the complete Microsoft graph profile is // serialized and deserialized. passport.serializeUser(function (user, done) { done(null, user); }); passport.deserializeUser(function (obj, done) { done(null, obj); }); // Use the MicrosoftStrategy within Passport. // Strategies in Passport require a `verify` function, which accept // credentials (in this case, an accessToken, refreshToken, and 37signals // profile), and invoke a callback with a user object. passport.use(new MicrosoftStrategy({ clientID: MICROSOFT_GRAPH_CLIENT_ID, clientSecret: MICROSOFT_GRAPH_CLIENT_SECRET, callbackURL: "http://127.0.0.1:3000/auth/microsoft/callback" }, function (accessToken, refreshToken, profile, done) { // asynchronous verification, for effect... process.nextTick(function () { // To keep the example simple, the user's Microsoft Graph profile is returned to // represent the logged-in user. In a typical application, you would want // to associate the Microsoft account with a user record in your database, // and return that user instead. return done(null, profile); }); } )); var app = express(); // configure Express app.configure(function () { app.set('views', __dirname + '/views'); app.set('view engine', 'ejs'); app.use(express.logger()); app.use(express.cookieParser()); app.use(express.bodyParser()); app.use(express.methodOverride()); app.use(express.session({ secret: 'keyboard cat' })); // Initialize Passport! Also use passport.session() middleware, to support // persistent login sessions (recommended). app.use(passport.initialize()); app.use(passport.session()); app.use(app.router); app.use(express.static(__dirname + '/public')); }); app.get('/', function (req, res) { res.render('index', { user: req.user }); }); app.get('/account', ensureAuthenticated, function (req, res) { res.render('account', { user: req.user }); }); app.get('/login', function (req, res) { res.render('login', { user: req.user }); }); // GET /auth/microsoft // Use passport.authenticate() as route middleware to authenticate the // request. The first step in Microsoft Graph authentication will involve // redirecting the user to the common Microsoft login endpoint. After authorization, Microsoft // will redirect the user back to this application at /auth/microsoft/callback app.get('/auth/microsoft', passport.authenticate('microsoft'), function (req, res) { // The request will be redirected to Microsoft for authentication, so this // function will not be called. }); // GET /auth/microsoft/callback // Use passport.authenticate() as route middleware to authenticate the // request. If authentication fails, the user will be redirected back to the // login page. Otherwise, the primary route function function will be called, // which, in this example, will redirect the user to the home page. app.get('/auth/microsoft/callback', passport.authenticate('microsoft', { failureRedirect: '/login' }), function (req, res) { res.redirect('/'); }); app.get('/logout', function (req, res) { req.logout(); res.redirect('/'); }); app.listen(3000); // Simple route middleware to ensure user is authenticated. // Use this route middleware on any resource that needs to be protected. If // the request is authenticated (typically via a persistent login session), // the request will proceed. Otherwise, the user will be redirected to the // login page. function ensureAuthenticated(req, res, next) { if (req.isAuthenticated()) { return next(); } res.redirect('/login') }