是否有人成功使用 Azure AD 对 Node.js Web 应用程序的用户进行身份验证? [英] Has anyone successfully used Azure AD to authenticate users for a Node.js web application?

问题描述

我正在尝试使用 Azure Active Directory 对我的 node.js Web 应用程序的用户进行身份验证，但到目前为止没有成功.

我想知道是否有人真正实现过它，因为文档很差.通常有示例代码，但实际上并没有任何指示所需参数是什么以及它们应该是什么.

我已经尝试过 passport-azure-ad(我认为来自 Microsoft)和 passport.azure-ad-oauth2(来自 Auth0(?)).对于 passport-azure-ad，我尝试了 BearerStrategy 和 OIDCStrategy，但没有成功.

对于 BearerStrategy，我收到一些关于我的客户端和资源识别同一应用程序的神秘消息，但由于没有文档告诉我这些应该是什么，我不知所措.

对于 OIDCStrategy，我更接近一点，因为我被重定向到 Microsoft 进行身份验证，但在返回时我收到错误错误:响应中不存在 ID 令牌".我猜我的请求不够正确，无论出于何种原因给我一个令牌，但由于没有文档......(你明白了).

无论如何，如果有人真正成功地实现了它并且能够分享一些关于它是如何实现的指针，那就太好了.

非常感谢.

解决方案

这是一个代码示例，它是关于将 Azure AD 集成到 Microsoft 在 GitHub 上提供的 NodeJS Web 应用程序中，位于

将 AD 应用程序的 Azure AD 端点填充到 config.js 中的 identityMetadata 属性中.正如代码中的注释所说，如果您的 Azure AD 在 Microsoft 域中，例如:然后，您不必更改设置.否则，您需要将config.js中endpoint中的common替换为您的AD ID，您可以点击底部的VIEW ENDPOINT导航找到 ID:

在 config.js 中配置 clientID 和 clientSecret.你们都可以在 AD 应用程序的 CONFIGRE 页面中找到它们:关于密钥，您可以选择下拉选择密钥的持续时间来创建一个新的，点击底部导航的保存按钮，您可以在第一次创建它时看到密钥数据.

李>

完成这些步骤后，您可以尝试示例项目.

I am attempting to use Azure Active Directory to authenticate users for my node.js web application, so far with no luck.

I am wondering if anyone has actually ever achieved it since the documentation is quite poor. There is typically example code, but not really any indication of what the required parameters are and what they should be.

I have tried passport-azure-ad (which I think is from Microsoft) and passport.azure-ad-oauth2 (which is from Auth0(?)). For passport-azure-ad, I have tried the BearerStrategy and also the OIDCStrategy with no luck.

For BearerStrategy I get some cryptic message about my client and resource identifying the same application, but since there is no documentation telling me what those should be, I'm at a loss.

For the OIDCStrategy, I'm a bit closer in that I get redirected to Microsoft for authentication, but on return I get the error "Error: ID Token not present in response". I'm guessing that my request isn't correct enough to give me a token back for whatever reason, but since there is no documentation...(you get the idea).

Anyway, if anyone has actually successfully achieved it and is able to share some pointers as to how it was achieved, that would be great.

Many thanks.

解决方案

Here is a code example which is about integrating Azure AD into a NodeJS web application provided by Microsoft on GitHub, at https://github.com/Azure-Samples/active-directory-node-webapp-openidconnect.

And to make the sample run, you need to configure a few settings in the sample code about your Azure AD.

we can find the content as following shown in the config.js file in the root directory of the application:

exports.creds = {
    returnURL: 'http://localhost:3000/auth/openid/return',
    identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration', // For using Microsoft you should never need to change this.
    clientID: '<your app id>',
    clientSecret: '<your secret>', // if you are doing code or id_token code
    skipUserProfile: true, // for AzureAD should be set to true.
    responseType: 'id_token code', // for login only flows use id_token. For accessing resources use `id_token code`
    responseMode: 'query', // For login only flows we should have token passed back to us in a POST
    //scope: ['email', 'profile'] // additional scopes you may wish to pass
 };

now you need to login the Azure manage portal, header to your Azure AD application page. Click the CONFIGURE tab to configure your AD.

• Input the returnURL in config.js into the REPLY URL form under the single sign-on section:

• fill the Azure AD endpoint of your AD application into the identityMetadata property in config.js. As the comment in the code says, if your Azure AD is in the Microsoft domain like: Then you don't have to change the setting. Otherwise, you need to replace the common in the endpoint in config.js to your AD ID, you can click the VIEW ENDPOINT at the bottom nav to find the ID:

• configure the clientID and clientSecret in config.js. You all can find them in the CONFIGRE page of your AD application: About the key, you can select the dropdown to select a duration of a key to create a new one, click the save button at the bottom nav, you can see the key data at first time you create it.

After finishing these steps, you can try the sample project.

这篇关于是否有人成功使用 Azure AD 对 Node.js Web 应用程序的用户进行身份验证?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！