feat: azure ad auth (wip)

2019-07-20 00:16:29 -04:00
parent 08fd10603f
commit 9966a97bd3
7 changed files with 122 additions and 41 deletions
--- a/server/modules/authentication/azure/authentication.js
+++ b/server/modules/authentication/azure/authentication.js
@@ -4,23 +4,21 @@
 // Azure AD Account
 // ------------------------------------

-const AzureAdOAuth2Strategy = require('passport-azure-ad-oauth2').Strategy
+const OIDCStrategy = require('passport-azure-ad').OIDCStrategy

 module.exports = {
  init (passport, conf) {
-    const jwt = require('jsonwebtoken')
-    passport.use('azure_ad_oauth2',
-      new AzureAdOAuth2Strategy({
+    passport.use('azure',
+      new OIDCStrategy({
+        identityMetadata: conf.entryPoint,
        clientID: conf.clientId,
-        clientSecret: conf.clientSecret,
-        callbackURL: conf.callbackURL,
-        resource: conf.resource,
-        tenant: conf.tenant
-      }, (accessToken, refreshToken, params, profile, cb) => {
-        console.info(params, profile)
-        let waadProfile = jwt.decode(params.id_token)
-        waadProfile.id = waadProfile.oid
-        waadProfile.provider = 'azure'
+        redirectUrl: conf.callbackURL,
+        responseType: 'id_token',
+        responseMode: 'form_post',
+        scope: ['profile', 'email', 'openid'],
+        allowHttpForRedirectUrl: WIKI.IS_DEBUG
+      }, (iss, sub, profile, cb) => {
+        console.info(iss, sub, profile)
        // WIKI.models.users.processProfile(waadProfile).then((user) => {
        //   return cb(null, user) || true
        // }).catch((err) => {
--- a/server/modules/authentication/azure/definition.yml
+++ b/server/modules/authentication/azure/definition.yml
@@ -5,14 +5,21 @@ author: requarks.io
 logo: https://static.requarks.io/logo/azure.svg
 color: blue darken-3
 website: https://azure.microsoft.com/services/active-directory/
-isAvailable: false
+isAvailable: true
 useForm: false
+scopes:
+  - profile
+  - email
+  - openid
 props:
-  clientId: String
-  clientSecret: String
-  resource:
-    type: String,
-    default: '00000002-0000-0000-c000-000000000000'
-  tenant:
-    type: String,
-    default: YOUR_TENANT.onmicrosoft.com
+  entryPoint:
+    type: String
+    title: Identity Metadata Endpoint
+    hint: The metadata endpoint provided by the Microsoft Identity Portal that provides the keys and other important information at runtime.
+    order: 1
+  clientId:
+    type: String
+    title: Client ID
+    hint: The client ID of your application in AAD (Azure Active Directory)
+    order: 2
+