Project author: partha360

Project description:
Node Server with JWT / Azure AD Authentication
Language: JavaScript
Repository: git://github.com/partha360/node-auth-server.git
Created: 2018-01-31T04:35:25Z
Project page: https://github.com/partha360/node-auth-server

License:



Node JS Authentication Reference Implementation

Tech Stack

  • passport - For authentication
  • winston & morgan - For logging
  • express-session - Stores the logged-in session (Azure AD only)
  • mongodb - Stores users (JWT & local strategy)
  • bcrypt - Hashes passwords in the db
  • jwt-simple - Generates JWT tokens

Config & Keys

Add the following files under the “config” folder. They hold secrets (client secret, JWT secret, database credentials), so keep them out of version control.

config.js

```js
exports.creds = {
  // Required
  identityMetadata:
    "https://login.microsoftonline.com/<tenant-name>.onmicrosoft.com/.well-known/openid-configuration",
  // Placeholder; the real value should come from .env, not from a committed file
  clientID: "xxxxx-xxxx-xxx-xxxxx-xxxx",
  // Required, must be "code", "code id_token", "id_token code" or "id_token"
  responseType: "code id_token",
  // Required
  responseMode: "form_post",
  // Required, the reply URL registered in AAD for your app
  redirectUrl: "http://localhost:3000/auth/openid/return",
  // Required if we use http for redirectUrl (local development only; use https in production)
  allowHttpForRedirectUrl: true,
  // Placeholder; the real value should come from .env, not from a committed file
  clientSecret: "xxxxxxxxxxxxxxxxx===",
  // Required to set to false if you don't want to validate issuer
  validateIssuer: true,
  // Required to set to true if you are using B2C endpoint
  // This sample is for v1 endpoint only, so we set it to false
  isB2C: false,
  // Required if you want to provide the issuer(s) you want to validate instead of using the issuer from metadata
  issuer: null,
  // Required to set to true if the `verify` function has "req" as the first parameter
  passReqToCallback: false,
  // Recommended to set to true. By default we save state in express session, if this option is set to true, then
  // we encrypt state and save it in cookie instead. This option together with { session: false } allows your app
  // to be completely express session free.
  useCookieInsteadOfSession: true,
  // Required if `useCookieInsteadOfSession` is set to true. You can provide multiple set of key/iv pairs for key
  // rollover purpose. We always use the first set of key/iv pair to encrypt cookie, but we will try every set of
  // key/iv pair to decrypt cookie. Key can be any string of length 32, and iv can be any string of length 12.
  // The two pairs below are sample placeholders; generate random values for any real deployment.
  cookieEncryptionKeys: [
    { key: "12345678901234567890123456789012", iv: "123456789012" },
    { key: "abcdefghijklmnopqrstuvwxyzabcdef", iv: "abcdefghijkl" }
  ],
  // Optional. The additional scope you want besides "openid", for example: ["email", "profile"].
  scope: null,
  // Optional, "error", "warn" or "info"
  loggingLevel: "info",
  // Optional. The lifetime of nonce in session or cookie, the default value is 3600 (seconds).
  nonceLifetime: null,
  // Optional. The max amount of nonce saved in session or cookie, the default value is 10.
  nonceMaxAmount: 5,
  // Optional. The clock skew allowed in token validation, the default value is 300 seconds.
  clockSkew: null
};

// Optional.
// If you want to get access_token for a specific resource, you can provide the resource here; otherwise,
// set the value to null.
// Note that in order to get access_token, the responseType must be "code", "code id_token" or "id_token code".
exports.resourceURL = "https://graph.windows.net";

// The url you need to go to destroy the session with AAD
exports.destroySessionUrl =
  "https://login.microsoftonline.com/common/oauth2/logout?post_logout_redirect_uri=http://localhost:3000";
```

keys.js

```js
// App secrets and configs. The values here are placeholders; keep the real file
// out of version control.
module.exports = {
  // HMAC secret used to sign JWTs: use a long random value, not a guessable word
  "secret": "any-jibberish",
  "mongoConnectionString": "mongo connection string"
}
```

.env

```
AzureClientId=<Azure Client ID>
AzureClientSecret=<Azure Client Secret>
MongoConnectionString=<Connection String>
```

Install and Run

  1. yarn install / npm install
  2. yarn dev / npm run dev

Custom Auth (Local & JWT Strategy)

http://localhost:3000/signin - Sign in with email and password

http://localhost:3000/signup - Sign up with email and password; returns a JWT

Azure AD Auth (OIDC Strategy)

http://localhost:3000/login - Log in with Azure AD and receive the response

http://localhost:3000/account - Get the logged-in user's details from Azure AD (if successfully logged in)

Testing

Import Postman Collection - https://www.getpostman.com/collections/0691e111e380d9115bca

Code Quality

Pre-configured ESLint and Prettier

  1. yarn lint or npm run lint
  2. yarn format or npm run format

References