feat: adds azure AD as oauth2 provider #855

Open. Wants to merge 4 commits into base: dev.

Conversation

vinayakkulkarni (Contributor, pull request author)

@bmulholland (Contributor):

Took me a while to come back to this one :)

It looks good, and is pretty similar to the setup that I have. I'm not logging in to a particular tenant, so my tenantId is "common", and maybe that should be the default? But I think otherwise this is good, and I can add any fixes as I adopt it myself. @JoaoPedroAS51 thoughts?

@bmulholland bmulholland marked this pull request as ready for review January 21, 2021 12:11
@JoaoPedroAS51 (Collaborator) left a comment:

@vinayakkulkarni @noobling Hey! Nice work! 😃

I think we should set tenantId to common by default, as @bmulholland suggested.
And we can also add a scheme that modifies the logout, as suggested by @Dashboard-Community-Center in #1012.

Comment on lines +7 to +9:
authorization: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/authorize`,
userInfo: 'https://graph.microsoft.com/v1.0/me',
token: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/token`

vinayakkulkarni (Contributor, Author):

Suggested change. Before:
authorization: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/authorize`,
userInfo: 'https://graph.microsoft.com/v1.0/me',
token: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/token`
After:
authorization: `https://login.microsoftonline.com/${strategy.tenantId || 'common'}/oauth2/v2.0/authorize`,
userInfo: 'https://graph.microsoft.com/v1.0/me',
token: `https://login.microsoftonline.com/${strategy.tenantId || 'common'}/oauth2/v2.0/token`

Does this make sense @JoaoPedroAS51 @bmulholland ?

@JoaoPedroAS51 (Collaborator):

I think it should be like this:

  const tenantId = strategy.tenantId || 'common'

  assignDefaults(strategy, {
    scheme: 'oauth2',
    endpoints: {
      authorization: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`,
      userInfo: 'https://graph.microsoft.com/v1.0/me',
      token: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`
    },
    codeChallengeMethod: 'S256',
    scope: ['openid', 'profile'],
    autoLogout: true
  })

Contributor:

Agreed, @JoaoPedroAS51's approach is much easier to read. I'd suggest a comment above the || "common" line that says this:

// Allows users with both personal Microsoft accounts and work/school accounts from Azure AD to sign into the application.
// https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints

@vinayakkulkarni vinayakkulkarni force-pushed the feat/office365-azure-ad-oauth2-provider branch from 96fc221 to 032ce67 Compare January 21, 2021 14:26
@JoaoPedroAS51 (Collaborator):

The logout method should be something like this, but it still needs testing.

schemes/ad.ts

import { encodeQuery, removeTokenPrefix } from '../utils'
import { Oauth2Scheme } from '../schemes/oauth2'

export class AzureADScheme extends Oauth2Scheme {
  logout() {
    if (this.options.endpoints.logout) {
      // OIDC RP-initiated logout defines id_token_hint as the ID token, so read
      // the stored ID token (Oauth2Scheme.idToken) rather than the access token
      const token = removeTokenPrefix(this.idToken.get())

      const opts = {
        post_logout_redirect_uri: this.logoutRedirectURI,
        id_token_hint: token
      }
      // Send the browser to the provider's end-session endpoint; encodeQuery
      // percent-encodes the redirect URI and the token
      const url = this.options.endpoints.logout + '?' + encodeQuery(opts)
      window.location.replace(url)
    }
    // Clear locally stored tokens and user state
    return this.$auth.reset()
  }
}
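The two pieces this thread converges on, the "common" tenant fallback for the endpoint defaults and the end-session URL the proposed AzureADScheme.logout() assembles, as an added stand-alone example. This is not code from the pull request or from the auth module: encodeQuery and removeTokenPrefix are local stand-ins for the module's utils helpers and are assumed to behave as written here, and the /oauth2/v2.0/logout path is taken from the Microsoft identity platform documentation rather than from this page.

```typescript
// Added example, not code from the pull request or the auth module.
// encodeQuery and removeTokenPrefix are assumed stand-ins for the module's
// utils helpers; the /oauth2/v2.0/logout path is from Microsoft's docs.

type Query = Record<string, string | undefined>

// Percent-encode every key and value so a redirect URI or token value cannot
// smuggle additional parameters into the query string.
function encodeQuery(params: Query): string {
  return Object.keys(params)
    .filter((key) => params[key] !== undefined && params[key] !== '')
    .map((key) => `${encodeURIComponent(key)}=${encodeURIComponent(params[key] as string)}`)
    .join('&')
}

// Stand-in for utils.removeTokenPrefix: drops a leading "Bearer " if present.
function removeTokenPrefix(token: string, prefix = 'Bearer '): string {
  return token.indexOf(prefix) === 0 ? token.slice(prefix.length) : token
}

interface AzureAdEndpoints {
  authorization: string
  token: string
  logout: string
  userInfo: string
}

// Builds the endpoint set for a tenant. An empty tenantId falls back to
// "common", which admits both personal Microsoft accounts and work/school
// accounts; pass a tenant id (GUID or verified domain) to restrict sign-in.
function azureAdEndpoints(tenantId?: string): AzureAdEndpoints {
  const tenant = tenantId || 'common'
  const base = `https://login.microsoftonline.com/${tenant}/oauth2/v2.0`
  return {
    authorization: `${base}/authorize`,
    token: `${base}/token`,
    logout: `${base}/logout`,
    userInfo: 'https://graph.microsoft.com/v1.0/me'
  }
}

// Builds the end-session URL. OIDC RP-initiated logout defines id_token_hint
// as the ID token, not the access token; without it the provider may ignore
// post_logout_redirect_uri or prompt the user instead of redirecting, so a
// missing ID token is treated as an error here rather than sent as empty.
function buildLogoutUrl(
  logoutEndpoint: string,
  rawIdToken: string | undefined,
  postLogoutRedirectUri: string
): string {
  const idToken = rawIdToken ? removeTokenPrefix(rawIdToken) : ''
  if (!idToken) {
    throw new Error('No ID token available for id_token_hint')
  }
  const query: Query = {
    post_logout_redirect_uri: postLogoutRedirectUri,
    id_token_hint: idToken
  }
  return `${logoutEndpoint}?${encodeQuery(query)}`
}

// Constructed sample values for a stand-alone run.
const endpoints = azureAdEndpoints()
console.log(endpoints.authorization)
console.log(buildLogoutUrl(endpoints.logout, 'Bearer header.payload.signature', 'https://app.example/login'))
```

The redirect URI is passed through encodeURIComponent, so a value containing `?` or `&` stays a single parameter value in the resulting URL instead of being parsed by the identity provider as extra query parameters.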

@@ -0,0 +1,17 @@
import { assignDefaults, addAuthorize } from '../../utils/provider'
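Review bot: the relative import `../../utils/provider` on the first line of the new file assumes the provider lives two directories below the utils module, which matches the old per-folder provider layout; if the file is moved into the flat providers directory as suggested in this thread, the path needs to become `../utils/provider` or the build will fail on this line. Also confirm that `addAuthorize` is actually called somewhere in the 17-line file, since the defaults snippet posted above only uses `assignDefaults`; otherwise drop it from the import.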
Collaborator:

Providers are not inside folders anymore, so you can move the file to the providers dir and rename it to ad.ts.

@luckb0x commented Sep 15, 2021:

Any update on the PR progress?
Looks like it's been 8 months since it was raised. Comments seem to show that all work is completed. It would be great to use this as a provider! Thanks 🙌🏼
