What is passport-azure-ad?
The passport-azure-ad npm package provides authentication and authorization strategies for integrating with Microsoft Azure Active Directory (Azure AD) using the Passport.js framework. It supports various authentication flows including OAuth2, OpenID Connect, and SAML.
What are passport-azure-ad's main functionalities?
OAuth2 Bearer Strategy
This feature allows you to authenticate users using OAuth2 Bearer tokens issued by Azure AD. The code sample demonstrates how to configure and use the BearerStrategy with Passport.js.
const passport = require('passport');
const BearerStrategy = require('passport-azure-ad').BearerStrategy;
const options = {
  identityMetadata: 'https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration',
  clientID: 'your-client-id',
  validateIssuer: true,
  // Tokens from the v2.0 endpoint carry this issuer; 'https://sts.windows.net/{tenant-id}/' is the v1.0 form
  issuer: 'https://login.microsoftonline.com/{tenant-id}/v2.0',
  passReqToCallback: false
};
passport.use(new BearerStrategy(options, (token, done) => {
  // Token validation logic
  done(null, token);
}));
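As an added example (not code from the package or its documentation), here is what the "Token validation logic" callback above can do with the claims BearerStrategy hands it once signature, audience and expiry checks have passed: enforce a tenant allow-list and the delegated scopes or app roles a route requires. The claim names aud, tid, oid, scp and roles are the standard Azure AD access-token claims; the allow-list values, the sample payloads and the helper names are constructed for this example.

```javascript
// Added example: a verify callback for passport-azure-ad's BearerStrategy.
// BearerStrategy validates signature, audience and expiry before calling
// verify(token, done); `token` is the decoded access-token payload.
// Allow-list values and sample payloads below are constructed for this example.

function buildBearerVerify({ allowedTenants, requiredScopes = [], requiredRoles = [] }) {
  return function verify(token, done) {
    // A tenant allow-list matters most for multi-tenant apps, where validateIssuer
    // is often false and any Azure AD tenant can mint a signature-valid token.
    if (!allowedTenants.has(token.tid)) {
      return done(null, false, { message: 'tenant not allowed' });
    }
    if (typeof token.scp === 'string') {
      // Delegated (user) token: permissions are a space-separated string in `scp`
      const scopes = new Set(token.scp.split(' ').filter(Boolean));
      const missing = requiredScopes.filter((s) => !scopes.has(s));
      if (missing.length) {
        return done(null, false, { message: `missing scope(s): ${missing.join(' ')}` });
      }
      return done(null, { id: token.oid, tenant: token.tid, kind: 'user', scopes: [...scopes] });
    }
    // Application (client-credentials) token: permissions are app roles in `roles`.
    // A route that declares no app roles is user-only, so app tokens are rejected there.
    const roles = new Set(token.roles || []);
    const missingRoles = requiredRoles.filter((r) => !roles.has(r));
    if (requiredRoles.length === 0 || missingRoles.length) {
      return done(null, false, { message: 'missing role(s)' });
    }
    return done(null, { id: token.oid, tenant: token.tid, kind: 'app', roles: [...roles] });
  };
}

// Run a verify callback synchronously and capture what it passed to done()
function runVerify(verify, token) {
  let result = null;
  verify(token, (err, user, info) => { result = { err, user, info }; });
  return result;
}

// Constructed sample payloads (claim shapes only; not real tokens)
const SAMPLE_USER_TOKEN = { aud: 'api://sample-api', tid: 'tenant-a', oid: 'user-1', scp: 'Files.Read Files.Write' };
const SAMPLE_APP_TOKEN = { aud: 'api://sample-api', tid: 'tenant-a', oid: 'sp-1', roles: ['Files.ReadAll'] };
const SAMPLE_FOREIGN_TOKEN = { aud: 'api://sample-api', tid: 'tenant-z', oid: 'user-9', scp: 'Files.Read' };

// Wiring (not executed here):
//   passport.use(new BearerStrategy(options, buildBearerVerify({ allowedTenants, requiredScopes: ['Files.Read'] })));
//   app.get('/files', passport.authenticate('oauth-bearer', { session: false }), handler);
```

Keying the returned user object on `oid` rather than on a display name or e-mail claim gives downstream handlers a stable identifier; the scope check runs per route, so different `buildBearerVerify` instances can back different strategy names if routes need different permissions.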
OIDC Strategy
This feature allows you to authenticate users using OpenID Connect (OIDC) with Azure AD. The code sample demonstrates how to configure and use the OIDCStrategy with Passport.js.
const passport = require('passport');
const OIDCStrategy = require('passport-azure-ad').OIDCStrategy;
const options = {
  identityMetadata: 'https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration',
  clientID: 'your-client-id',
  responseType: 'code id_token',
  responseMode: 'form_post',
  redirectUrl: 'http://localhost:3000/auth/openid/return',
  allowHttpForRedirectUrl: true, // local development only; production redirect URLs must use https
  clientSecret: 'your-client-secret', // load from configuration or a secret store, not from source
  validateIssuer: true,
  passReqToCallback: false
};
passport.use(new OIDCStrategy(options, (iss, sub, profile, accessToken, refreshToken, done) => {
  // User profile validation logic
  done(null, profile);
}));
SAML Strategy
This feature allows you to authenticate users using SAML with Azure AD. The code sample demonstrates how to configure and use the SamlStrategy with Passport.js.
const passport = require('passport');
const SamlStrategy = require('passport-azure-ad').SamlStrategy;
const options = {
  identityMetadata: 'https://login.microsoftonline.com/{tenant}/federationmetadata/2007-06/federationmetadata.xml',
  loginCallback: 'http://localhost:3000/auth/saml/callback',
  issuer: 'your-issuer',
  audience: 'your-audience',
  cert: 'your-certificate',
  privateCert: 'your-private-certificate'
};
passport.use(new SamlStrategy(options, (profile, done) => {
  // User profile validation logic
  done(null, profile);
}));
Other packages similar to passport-azure-ad
passport-google-oauth20
The passport-google-oauth20 package provides an OAuth 2.0 authentication strategy for Google. It allows you to authenticate users using their Google accounts. Compared to passport-azure-ad, it is specific to Google OAuth 2.0 and does not support other authentication flows such as SAML or OIDC.
passport-saml
The passport-saml package provides a SAML authentication strategy for Passport.js. It allows you to authenticate users using SAML identity providers. Compared to passport-azure-ad, it is more generic and can be used with any SAML identity provider, not just Azure AD.
passport-oauth2
The passport-oauth2 package provides a generic OAuth 2.0 authentication strategy for Passport.js. It allows you to authenticate users using any OAuth 2.0 provider. Compared to passport-azure-ad, it is more flexible but requires more configuration to work with specific providers like Azure AD.
Windows Azure Active Directory Passport.js Plug-In
Passport is authentication middleware for Node.js. Passport can be used in any Express-based web application. A comprehensive and large set of strategies support authentication using a username and password, Facebook, Twitter, and more. To let you integrate Windows Azure Active Directory into your website quickly, we have developed a strategy for Windows Azure Active Directory.
The passport-azure-ad module is a WS-Federation / SAML-P authentication provider for Passport. This provider lets you integrate your Node app with Windows Azure AD so you can use its many features, including web single sign-on (WebSSO).
The code is based on Henri Bergius's passport-saml library and Matias Woloski's passport-wsfed-saml2 library.
passport-azure-ad has been tested to work with both Windows Azure Active Directory and with Microsoft Active Directory Federation Services.
For a detailed walkthrough of using Passport.js to add web single sign-on to a Node app, see: Windows Azure AD Walkthrough for Node.js.
Installation
$ npm install passport-azure-ad
Usage
This sample uses the WS-Federation protocol with Express:
var express = require('express');
var passport = require('passport');
var wsfedsaml2 = require('passport-azure-ad').WsfedStrategy;
var app = express();
app.use(express.cookieParser());
app.use(express.bodyParser());
app.use(express.session({ secret: 'keyboard cat' })); // replace with a strong secret loaded from configuration
app.use(passport.initialize());
app.use(passport.session());
app.use(app.router);
var config = {
  realm: 'http://localhost:3000/',
  identityProviderUrl: 'https://login.windows.net/ad0ffc54-96b9-4757-bbb0-fcc293e2f4aa/wsfed',
  identityMetadata: 'https://login.windows.net/ad0ffc54-96b9-4757-bbb0-fcc293e2f4aa/federationmetadata/2007-06/federationmetadata.xml',
  logoutUrl: 'http://localhost:3000/'
};
var wsfedStrategy = new wsfedsaml2(config, function(profile, done) {
  if (!profile.email) {
    done(new Error("No email found"));
    return;
  }
  done(null, profile);
});
passport.use(wsfedStrategy);
passport.serializeUser(function(user, cb) { /* ... */ });
passport.deserializeUser(function(userid, cb) { /* ... */ });
app.get('/login', passport.authenticate('wsfed-saml2', { failureRedirect: '/', failureFlash: true }), function(req, res) {
  res.redirect('/');
});
app.post('/login/callback', passport.authenticate('wsfed-saml2', { failureRedirect: '/', failureFlash: true }), function(req, res) {
  res.redirect('/');
});
app.listen(process.env.PORT || 3000);
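The verify callbacks on this page (the OIDCStrategy callback with its (iss, sub, profile, accessToken, refreshToken, done) signature, and the WS-Federation sample above that rejects a profile without an e-mail) leave open how a login is mapped to an application user and what the elided serializeUser/deserializeUser bodies should store. The following is an added example, not code from the package README: it identifies users by the issuer and subject pair rather than by e-mail, and keeps only that key in the session. The tenant id, the in-memory user store and the sample profiles are constructed for this example.

```javascript
// Added example (not from the passport-azure-ad README): a login verify
// callback in OIDCStrategy's (iss, sub, profile, accessToken, refreshToken, done)
// shape that identifies users by issuer + subject instead of e-mail, plus the
// serializeUser/deserializeUser pair that stores only that key in the session.
// The tenant id, user store and sample profiles are constructed for this example.

const SAMPLE_ISSUER = 'https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/v2.0'; // constructed
const ALLOWED_ISSUERS = new Set([SAMPLE_ISSUER]);

// Stand-in for a users table, keyed by "issuer|subject"
const userStore = new Map();

function userKey(iss, sub) {
  return `${iss}|${sub}`;
}

// E-mail and display name are mutable (and e-mail is not always verified),
// so they are stored as attributes but never used as the identity key.
function loginVerify(iss, sub, profile, accessToken, refreshToken, done) {
  if (!ALLOWED_ISSUERS.has(iss)) {
    return done(null, false, { message: 'issuer not allowed' });
  }
  if (!sub) {
    return done(null, false, { message: 'no subject claim' });
  }
  const key = userKey(iss, sub);
  let user = userStore.get(key);
  if (!user) {
    // First sign-in: create the record
    user = { key, displayName: profile.displayName, logins: 1 };
    userStore.set(key, user);
  } else {
    // Returning user: refresh mutable attributes, keep the key
    user.displayName = profile.displayName;
    user.logins += 1;
  }
  return done(null, user);
}

// Only the lookup key goes into the session
function serializeUser(user, cb) {
  cb(null, user.key);
}

// Rehydrate from the store; a key with no record means the user was removed,
// and passing false makes Passport treat the session as logged out
function deserializeUser(key, cb) {
  const user = userStore.get(key);
  cb(null, user || false);
}

// Synchronous driver for exercising the callback
function loginSync(iss, sub, profile) {
  let result = null;
  loginVerify(iss, sub, profile, null, null, (err, user, info) => { result = { err, user, info }; });
  return result;
}

// Wiring (not executed here):
//   passport.use(new OIDCStrategy(options, loginVerify));
//   passport.serializeUser(serializeUser);
//   passport.deserializeUser(deserializeUser);
```

Because the session holds only the key, a user removed from the store is logged out on the next request without any cookie having to expire, and a change of display name or e-mail at the identity provider never creates a second account.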
License
Copyright (c) Microsoft Open Technologies, Inc. All rights reserved. Licensed under the Apache License, Version 2.0 (the "License");