
ms-identity-node's Introduction

page_type: sample
languages: javascript, nodejs
products: msal-node, microsoft-entra-id
description: Add authentication to a Node.js web application with the Microsoft Authentication Library for Node.js (MSAL Node).
urlFragment: ms-identity-node

Express web application built with MSAL Node and Microsoft identity platform

This sample demonstrates how to use MSAL Node to log in, log out, and acquire an access token for a protected resource such as Microsoft Graph.

Features

This sample demonstrates the following MSAL Node concepts:

  • Configuration
  • Login
  • Logout
  • Acquiring an access token and calling Microsoft Graph

Contents

File/folder            Description
App/                   Application source code resides here.
AppCreationScripts/    Contains PowerShell scripts for automating app registration.
.gitignore             Define what to ignore at commit time.
CHANGELOG.md           List of changes to the sample.
CONTRIBUTING.md        Guidelines for contributing to the sample.
README.md              This README file.
LICENSE                The license for the sample.

Note: This sample was bootstrapped using express-generator.

Getting Started

Prerequisites

Node.js must be installed to run this sample.

Setup

  1. Register a new application by following the steps shown here
  2. Clone this repository: git clone https://github.com/Azure-Samples/ms-identity-node.git
  3. Open the /App/.env.dev file and provide the required configuration values
  4. On the command line, navigate to the App folder, and run npm install to install the project dependencies via npm

Running the sample

  1. Configure authentication and authorization parameters:
    1. Open App/.env.dev
    2. Replace the string "Enter_the_Application_Id_Here" with your app/client ID in the Microsoft Entra admin center.
    3. Replace the string "Enter_the_Cloud_Instance_Id_Here" with "https://login.microsoftonline.com/"
    4. Replace the string "Enter_the_Tenant_Info_Here" with your tenant ID in the Microsoft Entra admin center.
    5. Replace the string "Enter_the_Client_Secret_Here" with your client secret in the Microsoft Entra admin center.
  2. Configure the parameters for calling MS Graph API:
    1. Replace the string "Enter_the_Graph_Endpoint_Here" with "https://graph.microsoft.com/"
  3. Configure the Express session secret:
    1. Replace the string "Enter_the_Express_Session_Secret_Here" with a hard-to-guess value, such as your client secret.
  4. To start the sample application, run npm start.
  5. Finally, open a browser and navigate to http://localhost:3000.

ℹī¸ To configure this app for tenants on Sovereign/National clouds, see: Use MSAL in a national cloud environment

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

ms-identity-node's People

Contributors

derisen, didunayodeji, henrymbuguakiarie, microsoft-github-operations[bot], microsoftopensource, mmacy, mtrilbybassett, mvrak, rakheshster, robbie-microsoft, salman90


ms-identity-node's Issues

Login fails when opening multiple tabs at once

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Set your browser to open multiple tabs to localhost:3000/users/id on startup

Any log messages given by the failure

One tab will login, but the others will all show something like

invalid_grant: 501481 - [2023-12-15 16:48:51Z]: AADSTS501481: The Code_Verifier does not match the code_challenge supplied in the authorization request. Trace ID: *** Correlation ID: *** Timestamp: 2023-12-15 16:48:51Z - Correlation ID: *** - Trace ID: ***

Expected/desired behavior

All tabs should log in.

OS and Version?

Windows 10

Versions

"@azure/msal-node": "^1.17.3"

Mention any other details that might be useful

This seems to be due to how each request will start to initiate a login process, but since there is no session to share amongst the tabs the first tab to respond with the Set-Cookie header will force the others to then use the login codes associated to that tab instead of the ones they had used to initiate the call to login with MS.


Thanks! We'll be in touch soon.

verifier issue

Getting this error

C:\test\ms-identity-node\app\auth\AuthProvider.js:132
                codeVerifier: req.session.pkceCodes.verifier,
                                                    ^

TypeError: Cannot read properties of undefined (reading 'verifier')
    at C:\test\ms-identity-node\app\auth\AuthProvider.js:132:53
    at Layer.handle [as handle_request] (C:\test\ms-identity-node\app\node_modules\express\lib\router\layer.js:95:5)
    at next (C:\test\ms-identity-node\app\node_modules\express\lib\router\route.js:144:13)
    at Route.dispatch (C:\test\ms-identity-node\app\node_modules\express\lib\router\route.js:114:3)
    at Layer.handle [as handle_request] (C:\test\ms-identity-node\app\node_modules\express\lib\router\layer.js:95:5)
    at C:\test\ms-identity-node\app\node_modules\express\lib\router\index.js:284:15
    at Function.process_params (C:\test\ms-identity-node\app\node_modules\express\lib\router\index.js:346:12)
    at next (C:\test\ms-identity-node\app\node_modules\express\lib\router\index.js:280:10)
    at Function.handle (C:\test\ms-identity-node\app\node_modules\express\lib\router\index.js:175:3)
    at router (C:\test\ms-identity-node\app\node_modules\express\lib\router\index.js:47:12)
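
The two reports above (AADSTS501481 with several tabs, and the TypeError on `req.session.pkceCodes.verifier`) can be reproduced offline with the added example below, which is not code from the sample or from MSAL Node. `beginLogin`, `checkCallback`, `simulateTabs` and the `session.state` field are hypothetical names; only `pkceCodes.verifier` comes from the stack trace. The guard reports a missing or foreign session so the route can restart sign-in instead of redeeming the code with the wrong verifier.

```javascript
const crypto = require("crypto");

// RFC 7636 S256: code_challenge = BASE64URL(SHA256(code_verifier)).
const s256 = (v) => crypto.createHash("sha256").update(v).digest("base64url");

// Stand-in for the login route: a fresh verifier and state are written into
// the session (session.state is an assumption; pkceCodes.verifier is from the trace).
function beginLogin(session) {
  const verifier = crypto.randomBytes(32).toString("base64url");
  session.pkceCodes = { verifier, challenge: s256(verifier) };
  session.state = crypto.randomBytes(16).toString("hex");
  return { state: session.state, codeChallenge: session.pkceCodes.challenge };
}

// Guard for the redirect route, run before the code is redeemed. Instead of
// dereferencing req.session.pkceCodes blindly, it reports why the callback
// cannot be completed so the caller can restart sign-in.
function checkCallback(session, query) {
  if (!session || !session.pkceCodes || !session.pkceCodes.verifier) {
    return { ok: false, reason: "no_pkce_in_session" };
  }
  if (!query.state || query.state !== session.state) {
    return { ok: false, reason: "state_mismatch" };
  }
  return { ok: true, codeVerifier: session.pkceCodes.verifier };
}

// Constructed scenario: `tabs` requests arrive without a cookie, each gets its
// own server-side session, and the browser keeps only one session cookie.
function simulateTabs(tabs) {
  const store = new Map();
  const sent = [];
  for (let i = 0; i < tabs; i++) {
    const sid = crypto.randomUUID();
    store.set(sid, {});
    sent.push({ sid, ...beginLogin(store.get(sid)) });
  }
  const survivingSid = sent[0].sid; // whichever Set-Cookie the browser kept
  const session = store.get(survivingSid);
  return sent.map((tab) => ({
    // What the identity provider checks when the code is redeemed.
    verifierMatches: s256(session.pkceCodes.verifier) === tab.codeChallenge,
    guard: checkCallback(session, { state: tab.state }),
  }));
}
```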

redirect_uri_empty: A redirect URI is required for all calls, and none has been set.

Please provide us with the following information:

This issue is for a: (mark with an x)

- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Don't know how to reproduce, but a lot of users have the issue but we've not found any reason.
They have this error when they're trying to log in after using Microsoft Authenticator:
ClientConfigurationError: redirect_uri_empty: A redirect URI is required for all calls, and none has been set.
at ClientConfigurationError.AuthError [as constructor] (/app/node_modules/@azure/msal-common/dist/index.cjs.js:499:24)
at ClientConfigurationError.ClientAuthError [as constructor] (/app/node_modules/@azure/msal-common/dist/index.cjs.js:819:28)
at new ClientConfigurationError (/app/node_modules/@azure/msal-common/dist/index.cjs.js:1560:28)
at ClientConfigurationError.createRedirectUriEmptyError (/app/node_modules/@azure/msal-common/dist/index.cjs.js:1569:16)
at RequestValidator.validateRedirectUri (/app/node_modules/@azure/msal-common/dist/index.cjs.js:3582:44)
at RequestParameterBuilder.addRedirectUri (/app/node_modules/@azure/msal-common/dist/index.cjs.js:3711:26)
at AuthorizationCodeClient. (/app/node_modules/@azure/msal-common/dist/index.cjs.js:5881:46)
at step (/app/node_modules/@azure/msal-common/dist/index.cjs.js:79:23)
at Object.next (/app/node_modules/@azure/msal-common/dist/index.cjs.js:60:53)
at /app/node_modules/@azure/msal-common/dist/index.cjs.js:53:71

It's not for all users. I can't reproduce this error.
Some users tried to remove cookies or use another browser with success.
I've tried to remove the cookie (connect.sid) on the login and logout page. It does not seem to change anything for our users.

A redirect exists in the configuration and works fine for a lot of users.

Any log messages given by the failure

They have this error :
ClientConfigurationError: redirect_uri_empty: A redirect URI is required for all calls, and none has been set.
at ClientConfigurationError.AuthError [as constructor] (/app/node_modules/@azure/msal-common/dist/index.cjs.js:499:24)
at ClientConfigurationError.ClientAuthError [as constructor] (/app/node_modules/@azure/msal-common/dist/index.cjs.js:819:28)
at new ClientConfigurationError (/app/node_modules/@azure/msal-common/dist/index.cjs.js:1560:28)
at ClientConfigurationError.createRedirectUriEmptyError (/app/node_modules/@azure/msal-common/dist/index.cjs.js:1569:16)
at RequestValidator.validateRedirectUri (/app/node_modules/@azure/msal-common/dist/index.cjs.js:3582:44)
at RequestParameterBuilder.addRedirectUri (/app/node_modules/@azure/msal-common/dist/index.cjs.js:3711:26)
at AuthorizationCodeClient. (/app/node_modules/@azure/msal-common/dist/index.cjs.js:5881:46)
at step (/app/node_modules/@azure/msal-common/dist/index.cjs.js:79:23)
at Object.next (/app/node_modules/@azure/msal-common/dist/index.cjs.js:60:53)
at /app/node_modules/@azure/msal-common/dist/index.cjs.js:53:71

Expected/desired behavior

supposed to go on the home page ( / )

OS and Version?

Windows 7, 8 or 10. Linux (which distribution). macOS (Yosemite? El Capitan? Sierra?)

Server :
OS Ubuntu 22.04.3 LTS
Nodejs v20.11.0
"@azure/msal-node": "^1.17.3",

Client:
Same issue using Chrome on Mac or Edge on Windows. Not found any common point.
This configuration did not work before cleaning all cookies:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36

Versions

Mention any other details that might be useful

Any ideas may be helpful!
Kind regards,


Thanks! We'll be in touch soon.

Feature Request: Convert Example to TypeScript

This issue is for a: (mark with an x)

- [ ] bug report -> please search issues before submitting
- [X] feature request
- [X] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)

Minimal steps to reproduce

Clone Repo and run

Any log messages given by the failure

N/A

Expected/desired behavior

The code should be in TypeScript format to better describe the object structure, help avoid bugs, and accelerate app creation. This app can then be transpiled to JS by the end user via the TSC command to get the JS equivalent in any ECMAScript version and any module import format based on the tsconfig. By having the app created in TypeScript, this allows for the flexibility to transpile the example code to any format that the end user sees fit without much maintainer work.

OS and Version?

All

Versions

All
