From b1981d53672874b5d0f0a9fc23ab29760e8df5d2 Mon Sep 17 00:00:00 2001
From: kawakami <44276443+Jnchi@users.noreply.github.com>
Date: Fri, 1 Nov 2019 11:40:58 -0400
Subject: [PATCH] Add password strategy for Azure Active Directory

---
 modules/users/server/config/strategies/aad.js | 42 +++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 modules/users/server/config/strategies/aad.js

diff --git a/modules/users/server/config/strategies/aad.js b/modules/users/server/config/strategies/aad.js
new file mode 100644
index 0000000..e8f5e13
--- /dev/null
+++ b/modules/users/server/config/strategies/aad.js
@@ -0,0 +1,42 @@
+'use strict';
+/**
+ * Module dependencies.
+ */
+var passport = require('passport'),
+ OIDCStrategy = require('passport-azure-ad').OIDCStrategy,
+ users = require('../../controllers/users.server.controller');
+module.exports = function (config) {
+ passport.use(new OIDCStrategy({
+ identityMetadata: 'https://login.microsoftonline.com/common/.well-known/openid-configuration',
+ clientID: config['azuread-openidconnect'].clientID,
+ responseType: 'id_token',
+ responseMode: 'form_post',
+ redirectUrl: process.env.AZUREAD_REPLY_URL,
+ allowHttpForRedirectUrl: (config.secure && config.secure.ssl === true) ? false : true,
+ clientSecret: config['azuread-openidconnect'].clientSecret,
+ validateIssuer: false,
+ isB2C: false,
+ issuer: null,
+ passReqToCallback: true,
+ scope: ['profile', 'email'],
+ loggingLevel: 'info',
+ nonceLifetime: null,
+ },
+ function(req, iss, sub, profile, done) {
+ // Create the user OAuth profile
+ var providerUserProfile = {
+ firstName: profile.name.givenName,
+ lastName: profile.name.familyName,
+ displayName: profile.displayName,
+ email: profile.upn,
+ username: profile.upn,
+ upn: profile.upn,
+ provider: 'azuread-openidconnect',
+ providerIdentifierField: 'upn',
+ providerData: profile._json
+ };
+ // Save the user OAuth profile
+ users.saveOAuthUserProfile(req, providerUserProfile, done);
+ }
+ ));
+};
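Review bot: `validateIssuer: false` combined with the `/common/` identityMetadata endpoint means the id_token's `iss` claim is never checked, so a user from any Azure AD tenant — including one an attacker creates for free — is accepted by this strategy and then persisted as a local account keyed on `upn`. UPN is a mutable, reassignable attribute (renames, deleted-and-recreated users), so `providerIdentifierField: 'upn'` lets a re-used UPN inherit someone else's local account if `saveOAuthUserProfile` links by that field; the immutable `oid` claim (presumably in `profile._json.oid`, or the `sub` the callback already receives) is the identifier that should key the account. If the app serves a single organisation, pin the tenant and validate it: `identityMetadata: 'https://login.microsoftonline.com/' + config['azuread-openidconnect'].tenantId + '/.well-known/openid-configuration'`, `validateIssuer: true`, and replace `issuer: null` with the tenant's issuer; if multi-tenant sign-in is intended, keep an allow-list of tenant IDs and reject tokens whose `tid` is not on it before calling `saveOAuthUserProfile`. Separately, `profile.upn` is typically absent for guest (B2B) and personal accounts, so `email` and `username` can become `undefined` — fall back to `profile._json.preferred_username` or fail the login explicitly rather than saving a user with no identifier.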