Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
@blitzritz/passport-microsoft
Advanced tools
Changelog
[1.0.0] - 2022-04-14
The API/design is stable enough that this is marked as the 1.0.0 release.
launch.json
for example appprompt
, login_hint
, domain_hint
, locale
, and display
authorization parameters (See #8 and #18), thanks to @rachaelsingletontenant
configuration option (See #17)Readme
Passport strategy for authenticating with Microsoft Graph using the OAuth 2.0 API.
This module lets you authenticate using Microsoft, in your Node.js applications.
By plugging into Passport, Microsoft authentication can be easily and unobtrusively
integrated into any application or framework that supports Connect-style
middleware, including Express.
Install via npm
$ npm install passport-microsoft
The microsoft authentication strategy authenticates users using a microsoft account and OAuth 2.0 tokens. The strategy requires a verify
callback, which
accepts these credentials and calls done
providing a user, as well as
options
specifying a client ID, client secret, and callback URL.
The consumer key and secret are obtained by creating an application at Microsoft's developer site.
var MicrosoftStrategy = require('passport-microsoft').Strategy;
passport.use(new MicrosoftStrategy({
// Standard OAuth2 options
clientID: 'applicationidfrommicrosoft',
clientSecret: 'applicationsecretfrommicrosoft',
callbackURL: "http://localhost:3000/auth/microsoft/callback",
scope: ['user.read'],
// Microsoft specific options
// [Optional] The tenant for the application. Defaults to 'common'.
// Used to construct the authorizationURL and tokenURL
tenant: 'common',
// [Optional] The authorization URL. Defaults to `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/authorize`
authorizationURL: 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize',
// [Optional] The token URL. Defaults to `https://login.microsoftonline.com/${tenant}/oauth2/v2.0/token`
tokenURL: 'https://login.microsoftonline.com/common/oauth2/v2.0/token',
},
function(accessToken, refreshToken, profile, done) {
User.findOrCreate({ userId: profile.id }, function (err, user) {
return done(err, user);
});
}
));
Use passport.authenticate()
, specifying the 'microsoft'
strategy, to
authenticate requests.
For example, as route middleware in an Express application:
app.get('/auth/microsoft',
passport.authenticate('microsoft', {
// Optionally define any authentication parameters here
// For example, the ones in https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
prompt: 'select_account',
}));
app.get('/auth/microsoft/callback',
passport.authenticate('microsoft', { failureRedirect: '/login' }),
function(req, res) {
// Successful authentication, redirect home.
res.redirect('/');
});
For a complete, working example, refer to the login example.
Copyright (c) 2022 Sean Fisher <seafish.io>
FAQs
Microsoft [Graph] authentication strategy for Passport.
The npm package @blitzritz/passport-microsoft receives a total of 48 weekly downloads. As such, @blitzritz/passport-microsoft popularity was classified as not popular.
We found that @blitzritz/passport-microsoft demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.