Skip to content

feat: adds azure AD as oauth2 provider #855

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: dev
Choose a base branch
from
Open

feat: adds azure AD as oauth2 provider #855

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ea92fa4
feat: add o365 provider
vinayakkulkarni Oct 15, 2020
b9fa1e2
fix: refactor code to use latest updated standards
vinayakkulkarni Oct 15, 2020
c70d682
docs: add documentation of plugin
vinayakkulkarni Oct 15, 2020
032ce67
refactor: use `aad` instead of `o365`
vinayakkulkarni Oct 16, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions docs/content/en/providers/azure-ad.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
---
title: Azure AD
description: This provider is based on oauth2 scheme and supports all scheme options
position: 38
category: Providers
---

[Source Code](https://github.com/nuxt-community/auth-module/blob/dev/src/providers/aad/index.ts)

## Usage

```js
auth: {
strategies: {
aad: {
clientId: process.env.AAD_CLIENT_ID,
clientSecret: process.env.AAD_CLIENT_SECRET,
tenantId: process.env.AAD_TENANT_ID,
grantType: 'authorization_code'
},
}
}
```

Anywhere in your application logic:

```js
this.$auth.loginWith('aad')
```

💁 This provider is based on [oauth2 scheme](../schemes/oauth2.md) and supports all scheme options.

## Obtaining configs

You need to create an app registration from Azure Portal and make sure to set up everything for an OAuth app in the usual way. e.g. whitelist urls.
17 changes: 17 additions & 0 deletions src/providers/aad/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
import { assignDefaults, addAuthorize } from '../../utils/provider'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Providers are not inside folders anymore. So you can move the file to providers dir, and rename to ad.ts


export default function aad (nuxt, strategy) {
assignDefaults(strategy, {
scheme: 'oauth2',
endpoints: {
authorization: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/authorize`,
userInfo: 'https://graph.microsoft.com/v1.0/me',
token: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/token`
Comment on lines +7 to +9
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
authorization: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/authorize`,
userInfo: 'https://graph.microsoft.com/v1.0/me',
token: `https://login.microsoftonline.com/${strategy.tenantId}/oauth2/v2.0/token`
authorization: `https://login.microsoftonline.com/${strategy.tenantId || 'common'}/oauth2/v2.0/authorize`,
userInfo: 'https://graph.microsoft.com/v1.0/me',
token: `https://login.microsoftonline.com/${strategy.tenantId || 'common'}/oauth2/v2.0/token`

Does this make sense @JoaoPedroAS51 @bmulholland ?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think should be like this:

  const tenantId = strategy.tenantId || 'common'

  assignDefaults(strategy, {
    scheme: 'oauth2',
    endpoints: {
      authorization: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/authorize`,
      userInfo: 'https://graph.microsoft.com/v1.0/me',
      token: `https://login.microsoftonline.com/${tenantId}/oauth2/v2.0/token`
    },
    codeChallengeMethod: 'S256',
    scope: ['openid', 'profile'],
    autoLogout: true
  })

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, @JoaoPedroAS51's approach is much easier to read. I'd suggest a comment above the || "common" line that says this:

// Allows users with both personal Microsoft accounts and work/school accounts from Azure AD to sign into the application.
// https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols#endpoints

},
codeChallengeMethod: 'S256',
scope: ['openid', 'profile'],
autoLogout: true
})

addAuthorize(nuxt, strategy)
}