adal-node

What is adal-node?

The adal-node package is a Node.js library that provides authentication and authorization functionalities using Azure Active Directory (AAD). It allows applications to authenticate users and acquire tokens to access Azure resources.

What are adal-node's main functionalities?

Authentication

This feature allows you to authenticate a client application using client credentials (client ID and client secret) and acquire an access token to access Azure resources.

const adal = require('adal-node');
const AuthenticationContext = adal.AuthenticationContext;
const authorityUrl = 'https://login.microsoftonline.com/common';
const resource = 'https://graph.windows.net';
const clientId = 'your-client-id';
const clientSecret = 'your-client-secret';
const context = new AuthenticationContext(authorityUrl);

context.acquireTokenWithClientCredentials(resource, clientId, clientSecret, (err, tokenResponse) => {
  if (err) {
    console.log('Error acquiring token: ', err);
  } else {
    console.log('Token acquired: ', tokenResponse);
  }
});

Token Refresh

This feature allows you to refresh an expired access token using a refresh token, ensuring continuous access to Azure resources without requiring the user to re-authenticate.

const adal = require('adal-node');
const AuthenticationContext = adal.AuthenticationContext;
const authorityUrl = 'https://login.microsoftonline.com/common';
const resource = 'https://graph.windows.net';
const clientId = 'your-client-id';
const refreshToken = 'your-refresh-token';
const context = new AuthenticationContext(authorityUrl);

context.acquireTokenWithRefreshToken(refreshToken, clientId, null, resource, (err, tokenResponse) => {
  if (err) {
    console.log('Error refreshing token: ', err);
  } else {
    console.log('Token refreshed: ', tokenResponse);
  }
});

User Authentication

This feature allows you to generate an authentication URL for user login. The user navigates to this URL to authenticate and authorize the application to access Azure resources on their behalf.

const adal = require('adal-node');
const AuthenticationContext = adal.AuthenticationContext;
const authorityUrl = 'https://login.microsoftonline.com/common';
const resource = 'https://graph.windows.net';
const clientId = 'your-client-id';
const redirectUri = 'http://localhost:3000/callback';
const context = new AuthenticationContext(authorityUrl);

const authUrl = context.getAuthCodeUrl({
  response_type: 'code',
  client_id: clientId,
  redirect_uri: redirectUri,
  resource: resource
});

console.log('Navigate to: ', authUrl);

Other packages similar to adal-node

msal

The msal (Microsoft Authentication Library) package provides similar functionalities to adal-node but is more modern and supports a wider range of authentication scenarios, including single-page applications (SPA), mobile applications, and server-side applications. It is the recommended library for new applications.

passport-azure-ad

The passport-azure-ad package is a collection of Passport strategies for authenticating with Azure Active Directory. It provides a more integrated approach for applications using the Passport.js middleware for authentication in Node.js applications.

azure-identity

The azure-identity package is part of the Azure SDK for JavaScript and provides a unified way to authenticate and acquire tokens for Azure services. It supports various authentication methods, including managed identities, service principals, and interactive user authentication.

README

Windows Azure Active Directory Authentication Library (ADAL) for Node.js

The ADAL for node.js library makes it easy for node.js applications to authenticate to AAD in order to access AAD protected web resources. It supports 3 authentication modes shown in the quickstart code below.

Samples and Documentation

We provide a full suite of sample applications and documentation on GitHub to help you get started with learning the Azure Identity system. This includes tutorials for native clients such as Windows, Windows Phone, iOS, OSX, Android, and Linux. We also provide full walkthroughs for authentication flows such as OAuth2, OpenID Connect, Graph API, and other awesome features.

Community Help and Support

We leverage Stack Overflow to work with the community on supporting Azure Active Directory and its SDKs, including this one! We highly recommend you ask your questions on Stack Overflow (we're all on there!) Also browser existing issues to see if someone has had your question before.

We recommend you use the "adal" tag so we can see it! Here is the latest Q&A on Stack Overflow for ADAL: http://stackoverflow.com/questions/tagged/adal

Contributing

All code is licensed under the Apache 2.0 license and we triage actively on GitHub. We enthusiastically welcome contributions and feedback. You can clone the repo and start contributing now.

Quick Start

Installation

$ npm install adal-node

Authorization Code

See the website sample for a complete bare bones express based web site that makes use of the code below.

var AuthenticationContext = require('adal-node').AuthenticationContext;

var clientId = 'yourClientIdHere';
var clientSecret = 'yourAADIssuedClientSecretHere'
var redirectUri = 'yourRedirectUriHere';
var authorityHostUrl = 'https://login.windows.net';
var tenant = 'myTenant';
var authorityUrl = authorityHostUrl + '/' + tenant;
var redirectUri = 'http://localhost:3000/getAToken';
var resource = '00000002-0000-0000-c000-000000000000';
var templateAuthzUrl = 'https://login.windows.net/' + 
                        tenant + 
                        '/oauth2/authorize?response_type=code&client_id=' +
                        clientId + 
                        '&redirect_uri=' + 
                        redirectUri + '
                        &state=<state>&resource=' + 
                        resource;

function createAuthorizationUrl(state) {
  return templateAuthzUrl.replace('<state>', state);
}

// Clients get redirected here in order to create an OAuth authorize url and redirect them to AAD.
// There they will authenticate and give their consent to allow this app access to
// some resource they own.
app.get('/auth', function(req, res) {
  crypto.randomBytes(48, function(ex, buf) {
    var token = buf.toString('base64').replace(/\//g,'_').replace(/\+/g,'-');

    res.cookie('authstate', token);
    var authorizationUrl = createAuthorizationUrl(token);

    res.redirect(authorizationUrl);
  });
});

// After consent is granted AAD redirects here.  The ADAL library is invoked via the
// AuthenticationContext and retrieves an access token that can be used to access the
// user owned resource.
app.get('/getAToken', function(req, res) {
  if (req.cookies.authstate !== req.query.state) {
    res.send('error: state does not match');
  }

  var authenticationContext = new AuthenticationContext(authorityUrl);

  authenticationContext.acquireTokenWithAuthorizationCode(
    req.query.code,
    redirectUri,
    resource,
    clientId, 
    clientSecret,
    function(err, response) {
      var errorMessage = '';
      if (err) {
        errorMessage = 'error: ' + err.message + '\n';
      }
      errorMessage += 'response: ' + JSON.stringify(response);
      res.send(errorMessage);
    }
  );
});

Server to Server via Client Credentials

See the client credentials sample.

var adal = require('adal-node').AuthenticationContext;

var authorityHostUrl = 'https://login.windows.net';
var tenant = 'myTenant';
var authorityUrl = authorityHostUrl + '/' + tenant;
var clientId = 'yourClientIdHere';
var clientSecret = 'yourAADIssuedClientSecretHere'
var resource = '00000002-0000-0000-c000-000000000000';

var context = new AuthenticationContext(authorityUrl);

context.acquireTokenWithClientCredentials(resource, clientId, clientSecret, function(err, tokenResponse) {
  if (err) {
    console.log('well that didn\'t work: ' + err.stack);
  } else {
    console.log(tokenResponse);
  }
});

License

Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");