Has anyone successfully used Azure AD to authenticate users for a Node.js web application?


Problem description

I am attempting to use Azure Active Directory to authenticate users for my node.js web application, so far with no luck.

I am wondering if anyone has actually ever achieved it since the documentation is quite poor. There is typically example code, but not really any indication of what the required parameters are and what they should be.

I have tried passport-azure-ad (which I think is from Microsoft) and passport.azure-ad-oauth2 (which is from Auth0(?)). For passport-azure-ad, I have tried the BearerStrategy and also the OIDCStrategy with no luck.

For BearerStrategy I get some cryptic message about my client and resource identifying the same application, but since there is no documentation telling me what those should be, I'm at a loss.

For the OIDCStrategy, I'm a bit closer in that I get redirected to Microsoft for authentication, but on return I get the error "Error: ID Token not present in response". I'm guessing that my request isn't correct enough to give me a token back for whatever reason, but since there is no documentation...(you get the idea).

Anyway, if anyone has actually successfully achieved it and is able to share some pointers as to how it was achieved, that would be great.

Many thanks.

Recommended answer

Here is a code example which is about integrating Azure AD into a NodeJS web application provided by Microsoft on GitHub, at https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect.

And to make the sample run, you need to configure a few settings in the sample code about your Azure AD.

We can find the following content in the config.js file in the root directory of the application:

exports.creds = {
    returnURL: 'http://localhost:3000/auth/openid/return',
    identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration', // For using Microsoft you should never need to change this.
    clientID: '<your app id>',
    clientSecret: '<your secret>', // if you are doing code or id_token code
    skipUserProfile: true, // for AzureAD should be set to true.
    responseType: 'id_token code', // for login only flows use id_token. For accessing resources use `id_token code`
    responseMode: 'query', // For login only flows we should have token passed back to us in a POST
    //scope: ['email', 'profile'] // additional scopes you may wish to pass
};

Now you need to log in to the Azure management portal and head to your Azure AD application page. Click the CONFIGURE tab to configure your AD.

  • Input the returnURL in config.js into the REPLY URL form under the single sign-on section:

  • Fill the Azure AD endpoint of your AD application into the identityMetadata property in config.js. As the comment in the code says, if your Azure AD is in the Microsoft domain like: Then you don't have to change the setting. Otherwise, you need to replace the common in the endpoint in config.js with your AD ID; you can click VIEW ENDPOINT at the bottom nav to find the ID:

  • Configure the clientID and clientSecret in config.js. You can find them all in the CONFIGURE page of your AD application: About the key, you can select the dropdown to choose a duration for a new key and click the save button at the bottom nav; you can see the key data the first time you create it.

After finishing these steps, you can try the sample project.
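
The settings from the steps above can be checked before the sample is started. The following is an added example, not part of the original answer or of Microsoft's sample; `checkCreds` and the sample values are hypothetical, and the field names are those of the config.js shown above.

```javascript
// Added example: pre-flight check for the `creds` object from config.js.
// checkCreds is a hypothetical helper; sample values are constructed.
// Assumption: Azure AD application (client) IDs are GUIDs.
const GUID = /^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i;

function checkCreds(creds) {
  const problems = [];
  const parse = (s) => { try { return new URL(s); } catch (e) { return null; } };

  // returnURL is what gets registered as the REPLY URL. Plain http would
  // carry the returned code / id_token in clear text, so allow it only locally.
  const ret = parse(creds.returnURL);
  if (!ret) {
    problems.push('returnURL is not a valid URL');
  } else if (ret.protocol !== 'https:' && ret.hostname !== 'localhost') {
    problems.push('returnURL must use https outside localhost');
  }

  // identityMetadata: "common" is the segment the answer says to replace
  // with your AD ID when the default does not apply to your directory.
  const meta = parse(creds.identityMetadata);
  if (!meta || meta.protocol !== 'https:' ||
      !meta.pathname.endsWith('/.well-known/openid-configuration')) {
    problems.push('identityMetadata is not an https openid-configuration URL');
  } else if (meta.pathname.split('/')[1] === 'common') {
    problems.push('identityMetadata uses "common"; replace with your AD ID if needed');
  }

  // clientID and clientSecret come from the CONFIGURE page.
  if (!GUID.test(creds.clientID || '')) {
    problems.push('clientID is missing or still a placeholder');
  }
  const needsSecret = String(creds.responseType).split(' ').includes('code');
  if (needsSecret && (!creds.clientSecret || /^<.*>$/.test(creds.clientSecret))) {
    problems.push('clientSecret is required when responseType includes code');
  }
  return problems;
}

// Constructed sample: the config.js values as shipped, placeholders intact.
const shipped = {
  returnURL: 'http://localhost:3000/auth/openid/return',
  identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration',
  clientID: '<your app id>',
  clientSecret: '<your secret>',
  responseType: 'id_token code',
};
console.log(checkCreds(shipped));
```

An empty array means every check passed; each string names the setting to revisit in the portal or in config.js.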
